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DisdDoc Professional™ 


New Dis*Doc Professional is your dual-mode disas¬ 
sembler to any DOS source code. It works in batch 
and interactive modes simultaneously, allowing you 
to generate the core information of even the most 
complex programs fast.. .and modify them even 
faster. Most programs will come apart in just two 
minutes. Imagine what you can do with a tool this 
powerful! Dis'Doc sifts through programs eight 
times for guaranteed accuracy. When code gets 
mixed up with data, our toolbox comes to the rescue 
with smart search and easy edit utilities. 

Warning: Dis*Doc Professional may change the way 
you work forever. 

Programmers who used to shy away from fixing 
outmoded programs with no source code are going 
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From C to Shining C ++ 
Borland Covers the Territory 


Borland’s C and C++ family spans the 
range of programming needs, inheriting 
power while breaking new ground. 

New! Borland C++ & 
Application Frameworks 
—a quantum leap forward 

If you can’t afford to waste time and 
manpower wrestling with Windows API 
or constructing a user interface, you need 
Borland® C++ & Application Frameworks. 
An application framework cuts develop¬ 
ment time by giving you a sleek, intuitive 
user interface and high-level objects that 
you can bolt right onto your application or 
customize any way you wish. You can 
create an editor with just one line of code, 
or your programs can inherit windows, 
menus, scroll bars, mouse support and 
more. The ObjectWindows™ application 
framework streamlines Windows develop¬ 
ment. It automates initialization and gives 
your applications more functionality with 
less code. Turbo Vision™ for DOS gives 
you similar capabilities for a character- 
based environment. And both frameworks 
come with complete source code. 

Borland C++ & Application Frameworks 
is the powerful choice for C and C++, for 
an investment of just $695°°. 

Borland C++ for a new 
dimension in professional 
programming 

For mission-critical applications in 
Windows or DOS, you need the power 


and performance of an advanced language 
compiler. Borland C++, the development 
system designed for professionals, lets 
you reach new vistas of productivity in 
C and C++ programming. Precompiled 
headers slash compilation time, and the 
Turbo Drive™ DOS-extender lets you 
compile huge applications fast. The 
award-winning Turbo Debugger® 
for Windows provides intelligent inter¬ 
active debugging on a single monitor. 
Turbo Profiler™ spots bottlenecks 
in your program, and you can use 
Turbo Assembler® to optimize time- 
critical routines. Borland C++ is the 
solid choice for professional development 
for $495°°. 

New! Turbo C++ & 

Turbo Vision gives you 
a head start 

The combination of Turbo C++ and the 
Turbo Vision application framework for 
DOS shortcuts development time by 
giving you a ready-made user interface 
with menus, scroll bars, mouse support, 
and an event-driven architecture that you 
can plug right into your applications. 
High-level objects such as an editor, a 
calculator, a calendar and more are ready 
for you to add to your applications with 
just a few lines of code. If you want the 
fast path for DOS programming, choose 
Turbo C++ & Turbo Vision. A lot of 
power for $199 95 . 


Turbo C++ is the starting 
point for C and C++ 

To begin C or C++ programming, you 
need a compiler that helps you master 
both C and object-oriented C++. 

Turbo C++ gives you a fast start with 
online context-sensitive help, tutorials and 
examples that you can paste into your own 
programs. But Turbo C++ is more than a 
tutor, it’s a great C and C++ compiler. 
Turbo C++ has won PC Magazine’s 
Technical Excellence Award, BYTE 
magazine’s Award of Excellence and many 
more. For a compiler that’s easy enough 
to start with yet powerful enough to stay 
with, you need Turbo C++. Only $99 95 . 

The shining path to the 
power of C++ 

Every Borland C++ product fully supports 
both C and C++, so you can use the full 
capabilities of C and easily move to the 
object-oriented powers of C++. And 
The World of C++ training course makes 
it easy to master C++. Videos, workbook 
and source code show you the way for 
only $199 95 . 

With the Borland family of C and C++ 
development systems, you can go as far as 
your creativity will take you. Don’t wait 
until tomorrow to start. 

See your dealer 
or call now 
1-800-331-0877 


BORLAND 

The Leader in Object-Oriented Programming 
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From 

The Editor 


I first read Charles Simonyi’s paper on the so-called Hungarian variable naming 
convention several years ago. I decided back then that the ideas in it were mis¬ 
guided, but if other software companies wanted to increase their maintenance costs 
by adopting such a standard, I certainly wasn’t going to complain. When the Win¬ 
dows documentation adopted the naming convention for specifying the Windows 
API, Hungarian notation became more of an irritant. Now I have to see it even 
though I don't use it. The last straw was the August, 1991, Byte article that labeled 
Hungarian notation a developing standard. The idea that less experienced program¬ 
mers could be led to believe that the programming community as a whole accepts 
the Hungarian notation is perturbing. 

There are two key ideas in Simonyi’s thesis. The first is the most obvious and 
usually receives the most attention. He advises embedding the data type of each 
variable in its name, in an abbreviated form. For example, ppliHead is a pointer to a 
pointer to a “list item”. Each time you create a new type, you assign it a tag of two 
or three "memorable or random” characters. Random? That’s what the article says. 
Embedding the data type in the variable name is supposed to bring far-reaching 
benefits such as preventing incorrect type assignments and helping you think more 
clearly. 

This is a lot of work just to get around the fact that C typedefs are really type 
macros and do not create new types. Why not move up to C++ or build or buy a 
tool that does this checking for you? If you insist on doing work that software can 
do cheaper, faster, and more accurately, then go ahead and embed the data type in 
its name. Maybe it will help you catch that incorrect assignment of a ppppli to a 
pppli. It will certainly sharpen your ability to remember random character strings. 

The insidious side of Simonyi's thesis is the part that argues that you should 
construct variable names with a formula rather than spending time thinking of 
descriptive names. The Byte version of the thesis has toned down this point from his 
earlier paper, but it is still an integral part of the notation. To quote the Byte article: 
“beware of readable names.” He even gives several “standard” variable names to 
select from. And, if you only have one variable of a given type in the current scope, 
then there is no need to append any name to the data type encoding. ppliHead 
becomes ppli, if there is only one ppli in scope! In the ideal Hungarian world, you 
quickly construct each variable name by applying a formula to its data type and 
then selecting a qualifier from a short list of names, if necessary. The goal is to 
eliminate that painful, time-consuming task of thinking of a descriptive name. 

The purpose of a variable, not its data type, is its most important attribute. Vari¬ 
able naming is a small part of programming, but worth the effort of every program¬ 
mer who wants to write code that can be easily read, understood, and maintained. 
We can all do better at this task, but few can do worse than follow the principles 
espoused by the Hungarian notation. 

Ron Burk 

Editor 
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Architectures For 32-Bit Windows Applications 

Walter Oney 


The Intel 386/486 architecture incorporates several 
advanced concepts that Windows 3 exploits. Protected- 
mode operation provides access to extended memory 
and to protection mechanisms that simplify writing reli¬ 
able programs. Windows employs hardware paging to 
provide virtual memory in a linear address space. The 
processor’s virtual 8086 feature supplies virtual 
machines that Windows uses to segregate DOS applica¬ 
tions and to virtualize I/O devices and other system 
resources. 

Besides features aimed at virtualizing memory and 
other resources, these advanced chips also offer 32-bit 



data and addressing registers to improve performance 
over their 80x86 16-bit ancestors. Programs can perform 
32-bit arithmetic easily and quickly without having to 
concatenate 16-bit operations to produce the desired 
result. Since individual memory segments can be up to 
four gigabytes long, a program using 32-bit addressing 
can conveniently deal with large arrays. Moreover, by 
relying on the so-called "flat” memory model, a pro¬ 
gram can use 32-bit near pointers and avoid the over¬ 
head of loading a descriptor cache each time it uses a 
different pointer. 

Windows 3 applications cannot easily use the 32-bit 
features of the new chips, however. A fast path to a 
working 32-bit application would be to use a DPMI- 
compliant DOS extender to create a 32-bit back-end 
DOS server that communicates with a 16-bit front-end 
Windows client. This article explores two alternate ar¬ 
chitectures for 32-bit Windows applications. The first 
idea revolves around the WINMEM32.DLL interface 
provided by Microsoft; it is primarily suitable for 16-bit 
applications that can benefit from running isolated sub¬ 
routines in 32-bit mode. The second idea is to construct 
a “Windows extender" that allows you to write a com¬ 
plete Windows application (including the user interface) 
as a flat-model 32-bit program. The second part of this 
article discusses the problems involved in constructing 
such a Windows extender, and is based on my ex¬ 
perience developing the BigWin™ extender for Rational 
Systems. Inc. 

WINMEM32 

As part of the Windows Software Development Kit 
(SDK), Microsoft distributes a Dynamic Link Library 
named WINMEM32.DLL and documented in Appendix E 
of the second volume of the SDK Reference. WINMEM32 
exports several functions, of which Global32Alloc() 
and Globall6PointerAlloc() are the most important. 
Global32Alloc() uses regular Windows memory 
management functions to allocate a USE32 segment 
(one in which the CPU assumes that operands and ad¬ 
dress operands are 32 bits in length). 
Globall6PointerAlloc() creates a 16:16 alias pointer 
to a portion of a 32-bit segment. Using such an alias is 
the only way a 16-bit program can access more than 
the first 64K of a USE32 segment. 

Wo/ter is a principal software engineer at Rational 
Systems, Inc, 220 No. Main St., Natick, MA 01760. (508) 
653-6006. He is responsible for developing Windows-re¬ 
lated products such as the BigWin™ 32-bit Windows 
extender. 
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WINMEM32 makes it relatively simple to attach a 32-bit 
appendage to an application that is fundamentally a 16-bit 
program. The appendage might contain subroutines for doing 
arithmetic in the 32-bit registers, for example, or it might in¬ 
clude code and data that make heavy use of linked lists or of 
huge arrays exceeding 64K. A computationally intensive ap¬ 
pendage gains speed from the wide data path. A pointer-in- 
tensive appendage runs faster because it does not need to 
reload segment registers frequently (loading a segment 
register in protected mode also entails fetching the descriptor 
that describes the segment). 


dent memory in a 32-bit segment. It then reads (or constructs 
by zero-filling) each page of the target program in turn; within 
the loop, Globall6PointerAlloc() returns a 16:16 alias 
pointer to the current page in memory. Finally, FlatLoad calls 
Global32CodeAlias () to create a code alias for the program's 
single segment. The descriptor for the code alias selector has 
the same values as the original USE32 descriptor except that 
the access rights byte shows that the segment is executable 
and readable. 

Calling A 32-Bit Program 


How To Load A 32-Bit Program 

I can best illustrate the techniques you use with WIN- 
MEM32 with an example. Suppose you want to create a 32-bit 
subroutine that calculates the sum of the squares of the first 
n integers. The C source for this simple program would be 
something like Listing 1 (note that the C data type int means 
a 32-bit integer to a 32-bit compiler). 

You would compile this program with a flat-model com¬ 
piler such as the one Microsoft distributed with beta copies of 
OS/2 version 2. You would then use a flat-model linkage 
editor such as LINK386 (also from Microsoft) to link the result¬ 
ing object module with a main program like the C32RT0.ASM 
program shown in Listing 2. These steps yield a Linear Ex¬ 
ecutable .EXE file with a main entry point that accepts one 
argument (namely the argument needed by sumsqO) and that 
returns the desired function value in 
the EAX register. 

To call sumsq() from a Windows ap¬ 
plication, you need to construct a flat- 
model loader and a runtime wrapper. 

FlatLoad, shown in Listing 3 and Listing 
4, is a sufficient loader. It accepts a 
pathname as an argument and returns 
the selectors and addresses needed to 
execute the program at its main entry 
point. FlatLoad reads the header of the 
.EXE file to locate the embedded linear 
executable built by L1NK386. It finds the 
total length of the target program and 
calls Global32Alloc() to allocate suffi- 


Listing 5 displays FlatCall, a routine that will call a 32-bit 
program and return its value. FlatCall accepts two argu¬ 
ments for itself and a variable number of arguments for the 
target program. The first argument specifies the initial execu¬ 
tion state of the target routine, and the second indicates how 
many bytes of arguments FlatCall should copy from the 
caller's 16-bit stack onto the target program’s 32-byte stack. 
You would use this routine to calculate the sum of the 
squares of the first 42 integers with a statement such as 

long SumSquares = FlatCall(IpState, 4, 42); 

I wanted to write FlatCall as a C program with a small 
amount of in-line assembler to make the point that you do not 
need complex code to make a simple call from 16- to 32-bit 
code. I would have needed to use _emit so much, however, that 


Listing 1 


* subsq.c - 32-bit sum-of-squares 
function. 

* 

* Assumes ints are 32 bits. 

*/ 

int sumsq(int n) 

{ 

register int i; 
register int sum = 0; 
for (i = 1; i <n; ++i) 
sum += i * i; 
return sum; 

) 

/* End of File */ 



Listing 2 


C32RT0 - 

Simple main program for WINMEM32-oriented 32-bit programs 


Written by Walter Oney 



Note: Define the symbol TGT (with 

a /d option in the HASM386 command 


line for 

this module) as the name 

of the target program. 


name 

c32rt0 



.386 

dosseg 

.model 

small,c 



public 

acrtused 

; satisfies demand from compiled code 


_acrtused equ 

1234h 


stack segment dword use32 stack 'stack' 


db 

1024 dup (0) 


stack ends 




.data 



retaddr df 

? 

; return addr to USE16 caller 


dw 

? 

; padding for 2d pop instr 


.code 



astart proc 

far 



pop 

dword ptr retaddr 

; preserve 16:32 return addr 


pop 

dword ptr retaddr+4 

; to our USE16 caller 


extrn 

TGT:near 



call 

TGT 

; call target program 


jmp 

[retaddr] 

; return to original caller 

astart endp 




end 

astart 


1 

End of File 
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the program would have become very obscure, so I wrote the 
assembler version in Listing 5. 

Some subtleties in FlatCall require elaboration. First, 
FlatCall has to switch stacks before calling the 32-bit target 
program. The reason is very prosaic - the Hat-model compiler 
assumes that 05, ES, and SS all hold the same selector value 
so that it can generate code that blithely ignores the dif¬ 
ference between static and automatic data. Similarly, the 
compiled code in your Windows application probably assumes 
that DS and SS have the same selectors, too. Since your 16-bit 
data segment is assuredly different from the big data segment 
used by the 32-bit program, it follows that the 16- and 32-bit 
components of your application require separate stacks. 

Another subtle aspect of FlatCall is the way it interacts 
with C32RT0 to transfer control be¬ 
tween the 16-bit caller and the 32-bit 
target program. The assembler places 
an operand-size override prefix before 
the CALL instruction in FlatCall be¬ 
cause the instruction operand is a six- 
byte FUORD. The override causes the 
processor to interpret the operand as a 
16:32 far pointer and to push a 16:32 far 
return address onto the stack. When 
C32RT0 gets control at its entry point, it 
pops the 16:32 far return address off 
the stack into a static variable and then 
executes a near call to the actual target 
program (namely sumsqO). The target 
program needs this stack manipulation 
so it can find its arguments and execute 
a near return when it is finished. 

C32RT0 then executes a far JMP instruc¬ 
tion to return to FlatCall. 

Because it saves its return address in 
static memory, C32RT0 (and therefore 
the whole 32-bit appendage) is not 
reentrant. This is not a real handicap, 
since I assume that the 32-bit target 
program will not call back into any 16- 
bit code that might cause recursion. 

Simplicity At A High Price 

The approach just described has 
great simplicity. Since it permits no ex¬ 
ternal references, FlatLoad avoids the 
usual complication of dynamic symbol 
resolution. The loader can also ignore 
internal relocation because WINMEM32 
provides a segment whose base ad¬ 
dress matches the load point of the tar¬ 
get module. 

The price for simplicity here is, un¬ 
fortunately, reduced function. Not being 
able to call external routines is a severe 
handicap. In addition, the 32-bit pro¬ 
gram must use a 16:32 far pointer to 
access memory outside its own flat 
segment; this fact eliminates one of the 
reasons for wanting to use 32-bit code 


in the first place. Finally, I am unaware of any debugger that 
will help you debug the 32-bit portion of an application con¬ 
structed according to this model. (I do not count WDEB386, 
since it does not give you access to source code and does not 
trap faults in an application program.) 

You could overcome these and other limitations of the 
model with sufficient effort. For example, you could write a 
runtime loader that would resolve references to entry points 
in a DLL in such a way that the needed stack and code-seg¬ 
ment switch would happen automatically. I believe, however, 
that the same effort is better invested in the Window ex¬ 
tender approach described in the remainder of the article. 


COMPUTER 


LANGUAGE 

EEZE 




5.0 presents 
C Bug # 648 


#include <stdio.h> 


int main () 


1 

int n = 400 * 400 

/ 400 ; 

printf ( "%d\n" 

n ) ; 

return O; 

1 



What is printed? It looks like it should be 400 but if you try this on 
MS-DOS, you will get 72. Where’s the error? Compilers won’t tell you. 


PC-lint will catch this and many other 
C bugs. Unlike your compiler, PC-lint 
looks across all modules of your appli¬ 
cation for bugs and inconsistencies. 

New - Optional Strong Type Checking 
and variables possibly not initialized. 

More than 330 error messages. More 
than 105 options for complete cus¬ 
tomization. Suppress error messages, 
locally or globally, by symbol name, by 
message number, by filename, etc. 
Check for portability problems. Alter 
size of scalars. Adjust format of error 
messages. Automatically generate ANSI 
prototypes for your K&R functions. 


Attn: Power users with huge programs. 

PC-lint 386 uses DOS Extender 
Technology to access the full storage 
and flat model speed of your 386. Now 
fully compatible with Windows 3.0 
and DOS 5.0 

PC-lint 386-$239 
PC-lint DOS or OS/2 - $139 

Mainframe & Mini Programmers 
FlexeLiflt in shrouded source 
form, is available for Unix, OS-9, 
VAX/VMS, QNX, IBM VM/MVS, 
etc. Requires only K&R C to com¬ 
pile but supports ANSI. Pricing 
starts at $798. Call for details. 


PA add 6% sales tax. 


Gimp®! G@f3war<a 

3207 Hogarth Lane, Collegeville, PA 19426 

CALL TODAY (215)584-4261 Or FAX (215)584-4266 

30 Day Money-back Guarantee. 

PC-lint and FlexeLint are trademarks of Gimpel Software 
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Listing 3 


j**★*****★***★*★*★★★★★*★*★★*****★★***★*★*★*★****★★★******★★*********★***★***★j 
/* 

/* FLATLOAD.C - Linear executable loader for WINMEM32-based programs 
/* 

/* Written by Walter Oney 
/* 

j ********************************* *********** ************ ******* ************* j 


/* Include files */ 
finclude “windows.h" 
finclude "string.h" 
#include “newexe.h" 
#define FOR_EXEHDR 1 
#include "exe386.h“ 
#include "winmem32.h” 
finclude "flatload.h" 


/* Windows API */ 

/* string functions */ 

/* new executable dels (OS/2 SDK) */ 

/* (prevent duplicate def'ns) */ 

/* linear executable dels (OS/2 SDK) */ 
/* WINMEH32 API (Win3 SDK) */ 

/* FI at Load API dels */ 


/* Accessing macros for portions of the loader section: */ 

typedef struct o32_obj *P0BJ; 
typedef struct o32_map *PMAP; 

Idefine objtab ((POBJ) ldrsect) 

fdefine objmap ((PMAP)(ldrsect+lxhdr.e32_objmap-lxhdr.e32_objtab)) 


/* FlatLoad loads a linear executable into a nonzero-based USE32 segment. It 
returns "TRUE" if the load was successful. */ 


BOOL FAR PASCAL FlatLoad 
(LPSTR lpFileName, 
LPSTATE32 IpState) 

( 

/* Local variables */ 


/* name of file to load */ 

/* where to put initial state descriptor */ 
/* FlatLoad */ 


int hFile; 

struct exe_hdr oldhdr; 
DWORD e32_base; 
struct e32_exe lxhdr; 
HANDLE hLdrsect; 

LPSTR ldrsect; 

POBJ op; 

POBJ olast; 

DWORD dwSize; 

DWORD pagemask; 

WORD bigds; 


/* input file handle */ 

/* HZ header of main file */ 

/* offset to start of LE header */ 

/* LE header of target subfile */ 

/* handle of loader section memory */ 

/* pointer to basic loader info */ 

/* current object */ 

/* last object */ 

/* size of target program */ 

/* page-size mask (e.g., 4095) */ 

/* target pgm's data segment selector */ 


/* Open the input file and read in the header of the linear executable 
subfile. In the interest of simplicity of exposition, assume that 
everything works. */ 


hFile = _lopen(lpFileName, READ); 

_lread(hFile, (LPSTR) &oldhdr, sizeof(oldhdr)); 
e32_base * oldhdr.e_lfanew; 

_llseek(hFile, e32_base, 0); 

_lread(hFile, (LPSTR) Slxhdr, sizeof(lxhdr)); 

/* Allocate local heap memory for the basic "loader section" info. */ 

hLdrsect * LocalAlloc(LPTR, (WORD) lxhdr.e32_ldrsize); 
ldrsect * LocalLock(hLdrsect); 

_llseek(hFile, lxhdr.e32_objtab + e32_base, 0); 

_lread(hFile, ldrsect, (WORD) lxhdr.e32_ldrsize); 

/* Determine how much memory is required for the target 32-bit program 
and create a USE32 segment to hold it. */ 


op = objtab; 

olast * op + lxhdr.e32_objcnt; 
dwSize = 0L; 

pagemask * lxhdr.e32_pagesize - 1; 
for ( ; op < olast; ++op) 

dwSize += (op->o32_size + pagemask) & "pagemask; 
Global32Alloc(dwSize, &bigds, dwSize, 0); 


A Windows Extender 

Ideally, you would like to program 
an entire application using the 32-bit 
linear address space. I call this 
hypothetical application a BigApp for 
short. Microsoft has announced a 32-bit 
version of Windows, calling it “Win32" 
or “Windows 4” at various times; that 
product will make BigApps the norm, 
but a version that will run under DOS is 
not due until 1993 according to current 
estimates. A Windows extender, how¬ 
ever, lets you run a BigApp under Win¬ 
dows 3 right now. This section 
describes how such a product works. 

The technical challenge for a Win¬ 
dows extender boils down to two ac¬ 
tivities: loading the application and then 
executing it within the surrounding 16- 
bit environment of Windows 3. A 
relocating loader for the linear ex¬ 
ecutable format produced by LINK386 is 
a straightforward extension of the 
FlatLoad program described earlier. 

A runtime monitor surrounds the 
BigApp to intercept and translate each 
API call from the BigApp into Windows. 
It also intercepts and buffers callbacks 
from Windows into the BigApp. The 
process metaphorically resembles 
changing the high voltage of 32-bit 
programs into the low voltage of 16-bit 
programs, so I use the terms stepdown 
transformer and stepup transformer to 
describe these API and callback trans¬ 
lators. 

A Dagwood Sandwich 
Of Code And Data 

Figure 1 is a pictorial representation 
of an .EXE containing a BigApp. The file 
begins with a normal MZ style of .EXE 
file header that describes a DOS stub. If 
you try to execute the program from a 
DOS prompt, the stub gains control and 
announces that Windows is required to 
run the program. The header also 
points to a segmented executable sub¬ 
file. The segmented executable header 
contains the signature NE (for “new ex¬ 
ecutable"). An NE sub-file contains an 
executable Windows application, the 
resources it requires at runtime, and 
symbolic linkage information that al¬ 
lows dynamic resolution of external ref¬ 
erences. In this case, the executable 
Windows application described by the 
NE header is the runtime monitor, but 
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Listing 3 — Cont’d 


/* Load the target program */ 

for (op = objtab; op < olast ; ++op) 

{ /* for each object */ 

PMAP mp - objmap + (op->o32_pagemap - 1); 

PMAP mlast = mp + op->o32_mapsize; 

DWORD pagebase - op->o32_base; 

WORD nBytes - lxhdr.e32_pagesize; 

for (; mp < mlast ; ++mp, pagebase +* nBytes) 

( /* for each page in object */ 

WORD nPage - GETPAGEIDX(*mp) - 1; 

DWORD dwPage = (DWORD) nPage * nBytes; 

LPSTR pPage; 

Globall6PointerAlloc(bigds, pagebase, (LPDWORD) ipPage, nBytes, 0); 
if (nPage -- lxhdr.e32_mpages - 1) 

nBytes * lxhdr.e32_lastpagesize; /* last page in pgm */ 
switch (mp->o32_pageflags) 

{ /* handle this type of page */ 

case VALID: 

_11 seek(hFi1e, lxhdr.e32_datapage + dwPage, 0); 

_lread(hFile, pPage, nBytes); 
break; 

case ZEROED: 

_fmemset(pPage, 0, nBytes); 
break; 

) /* handle this type of page */ 

Global16PointerFree(bigds, (DWORD) pPage, 0); 

) /* for each page in object */ 

} /* for each object */ 

/* Fill in the initial state descriptor. */ 

lpState->ss * bigds; 

lp$tate->esp * objtab[lxhdr.e32_stackobj-l].o32_base + lxhdr.e32_esp; 
Global32CodeAlias(bigds, &lpState->cs, 0); 

lpState->eip = objtab[lxhdr.e32_startobj-l],o32_base + lxhdr.e32_eip; 

/* Release working memory and return to caller. */ 

LocalUnlock(hLdrsect); 

LocalFree(hLdrsect); 
return TRUE; 

) /* FlatLoad */ 

y****************************************************************************y 

/* FlatUnload releases the memory used by a program FlatLoad previously 
loaded. */ 

VOID FAR PASCAL FlatUnload 

(LPSTATE32 IpState) /* 32-bit program descriptor */ 

{ /* FlatUnload */ 

Global32CodeAliasFree(lpState->ss, lp$tate->cs, 0); 
Global32Free(lpState->ss, 0); 

) /* FlatUnload */ 


/**********************************************************************/ 
/* Dynamic Link Library initialization: */ 


int FAR PASCAL LibMain 
(HANDLE hlnstance, 
WORD wDataSeg, 

WORD wHeapSize, 
LPSTR IpCmdLine) 

{ 

return TRUE ; 

) 


/* library instance handle */ 
/* data segment selector */ 

/* size of local heap */ 

/* command line */ 

/* LibMain */ 

/* indicate success */ 

/* LibMain */ 


/***************************************************************★***★**/ 


/* Library exit procedure (called on whim in Windows 3.0): *1 


int FAR PASCAL WEP 
(BOOL bSysExit) 
( 

return TRUE ; 

) 

/* End of File */ 


/* true if system exit occurring */ 
/* WEP */ 

/* indicate success */ 

/* WEP */ 


IF YOU PROGRAM 

in C, C++, Basic, Fortran, 
Cobol, Pascal, dBase, 

HI-SCREEN Pro If 

is your user interface solution 

Our new HI-SCREEN Pro II is an integrated 

environment for creating and managing user 

interfaces for your programs. 

>- Built-in editors allow you to interactively 
generate objects (windows, menus, icons, 
mouse cursors, graphs, help screens, etc.) 

>- Your programs can easily manipulate these 
objects, using a set of powerful functions. 

>- You can test all objects directly under the 
editor in any graphic mode (Hercules, CGA, 
EGA, VGA). 

>- New features include: New Icon Editor • 

New Menu Generator • New Graph Editor • 
New Library Generator • Enhanced scrolling 
(automatic scroll boxes) • 25/30/43/50 
line mode support • Enhanced data 
validation • etc. 



>- Supports all versions of C, Basic, Coboi, 
Fortran, Pascal, dBase, Assembly, etc. 

> Call for OS/2 and Windows versions. 

> Includes linkable modules for C, Pascal, 
Fortran, Cobol, Clipper and Quick Basic. 


HI-SCREEN Pro il $395 

Upgrades Call 


30 day money-back guarantee • No royalties 

1 -800-338-2852 

Tel: 415-896-0708 •Fax: 415-896-0709 

Softway, Inc. 

185 Berry Street, Suite 5411, 

San Francisco, CA94107 
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the resources are the ones needed by the BigApp. 

If you think of the DOS stub and the segmented executable 
as the bread surrounding the sandwich, the BigApp is the fill¬ 
ing. You would use a flat-model linkage editor like Microsoft's 
LINK386 to create a Linear Executable (LE format) image of the 
BigApp. By using the STUB statement in the module definition 
(.DEF) file, you cause the linkage editor to perform the sensi¬ 
tive step of assembling the ingredients of the sandwich. 

The Stepdown And Stepup Transformers 

Tracing through the presentation of a dialog box will il¬ 
lustrate the concepts behind the stepdown and stepup trans¬ 
formers. You might call DialogBoxO like this 


iCode = DialogBox(hInstance, 
lpTemplateName, hWndParent, 
lpDialogFunc); 

In the 16-bit version of this call, hInstance is a 16-bit instance 
handle, lpTemplateName is a 16:16 far pointer to a character 
string naming the dialog box template in the resource file, 
hWndParent is a 16-bit window handle identifying the parent 
of the dialog, and lpDialogFunc is the 16:16 far procedure 
instance address of the dialog function that will handle mes¬ 
sages. The CALL instruction generated by the compiler will use 
a 16:16 far pointer to the actual DialogBoxO function, whose 
address is discovered dynamically at runtime as part of the 
normal DLL resolution mechanism. 

To process the call, Windows creates a dialog window with 
whatever controls and other parts the 
template describes, and it operates a 
message loop for that window until 
your dialog function dismisses the 
dialog by calling EndDialogf). Dialog¬ 
BoxO then returns a 16-bit code in AX 
that equals the argument you passed 
to EndDialogO. 

The callbacks to the dialog function 
use the calling sequence 

bResult = DialogFunc(hDlg, 

wMsg, wParam, lParam); 

in which hDlg is a 16-bit dialog window 
handle, wMsg is a 16-bit message iden¬ 
tifier, wParam is a 16-bit parameter, and 
lParam is a 32-bit parameter. The return 
value is a 16-bit boolean quantity in¬ 
dicating whether the dialog function ac¬ 
tually processed the message. 

The same call in a 32-bit flat model 
program will be very different. The two 
integer arguments, hlnstance and h- 
WndParent, will be 32-bit quantities. The 
two pointer arguments, IpTemplate- 
Name and lpDialogFunc, will be :32 flat 
pointers. The CALL instruction also 
employs a :32 flat pointer. The compiler 
expects the return value to be a 32-bit 
integer in the EAX register. Furthermore, 
the code generated for the dialog func¬ 
tion expects to be reached by a 32-bit 
near call with four 32-bit integer argu¬ 
ments, and it will return a 32-bit quan¬ 
tity in EAX. 

The stepdown and stepup trans¬ 
formers resolve the evident “voltage” 
mismatch between the 16-bit Windows 
API and the 32-bit BigApp. Figure 2 
sketches the process by which this oc¬ 
curs. In summary, the BigApp call to 
DialogBoxO is routed via a generic 
stepdown transformer to the 16-bit 


Listing 4 

I***★**★★***★★★****★★**★*★*★★*★★★★★*★*★★**★******★***★★**★★★★*★**★******★****i 
/* 

/* FLATLOAD.H - Declarations for the FlatLoad linear executable loader 
/* 

/* Written by Walter Oney 
/* 

j******************************+**+****************************************** J 

#ifndef FLATLOAD_H 
#define FLATLOAD_H 

/* Structure describing initial state of 32-bit program: */ 
typedef struct 

{ /* 32-bit program state */ 

unsigned long eip; /* 16:32 address of main entry point */ 

unsigned short cs; 

unsigned long esp; /* 16:32 initial stack address */ 

unsigned short ss; 

} STATE32, FAR *LPSTATE32; /* 32-bit program state */ 

/* Function prototypes: */ 

extern BOOL FAR PASCAL FlatLoad(LPSTR lpFileName, LPSTATE32 IpState); 
extern VOID FAR PASCAL FIatllnload(LPSTATE32 IpState); 
extern long far _cdecl FlatCall(LPSTATE32 IpState, int nBytes, ...); 
lendif 

/* End of File */ 


Listing 5 


FLATCALL.ASM - Routine to call 32-bit subroutine from 16-bit WinApp 

C calling sequence: 

dwResult = FlatCall(IpState, nBytes, args ...) 

Where: 

DWORD dwResult 
LPSTATE32 IpState 
int nBytes 
[any] args 

Notes: 

1. This program is declared _cdecl to facilitate passing a variable 
number of arguments. If the target program uses the Pascal 
calling convention, the caller must place its arguments in 
reverse of the normal order. 


32-bit return value from target program 
Initial state for 32-bit program 
Number of bytes worth of arguments 
Arguments for target program 
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Listing 5 — Cont’d 

2. This program uses no static data and is both reentrant and 
suitable for packaging in a DLL. 

Written by Walter Oney 


name 

flatcall 


dosseg 



.model 

large,c 


• 386p 


; AFTER model to get usel6 defaults 

state32 struc 



s32 tgt df 

? 

; cs:eip of target program 

s32 stk df 

? 

; ss:esp of target program 

state32 ends 



.code 



FlatCall proc 

uses si di, IpStateidword, nBytes:word, args:word 

push 

ds 

; save caller's DS 

; Extract the arguments from 

the 16-bit stack before we lose easy 

; addressability by switching stacks. 

lfs 

bx, IpState 

; FS:BX -> 32-bit state descriptor 

movzx 

ecx, nBytes 

; get # bytes of arguments 

lea 

si, args 

; DS:ESI -> target pgm args 

movzx 

esi, si 

; 

mov 

ax, ss 

; 

mov 

ds, ax 

; .. 

mov 

dx, sp 

; save current SP in DX temporarily 


Switch to 

the 32-bit stack 

used by the target program. Save the 


SS:SP belonging to the 16- 

bit program and copy the arguments for the 


target program. 


lss 

esp, fs:[bx.s32 

_stk] ; switch to target pgm stack 

push 

ds 

; save 16-bit SS:SP on tgt stack 

push 

dx 

; .. 

sub 

esp, ecx 

; backup by size of arguments 

mov 

ax, ss 

; ES:EDI = copy of SS:ESP 

mov 

es, ax 

; 

mov 

edi, esp 

; .. 

cld 


; be sure of forward direction 

db 

0F3h, 67h 

; repeat + address size overrides 

movsb 


; copy argument onto target stack 

; Call the target program. 


mov 

ax, ss 

; force DS == ES == SS 

mov 

ds, ax 

> • • 

call 

fs:[bx.s32_tgt] 

; call the target program 


Switch back to the 16-bit 

stack, whose address is on the 32-bit 


stack at offset EDI (left 

over from the MOVSB loop above and preserved 


by the target program) 


lss 

sp, ss: [edi] 

; switch back to 16-bit stack 

mov 

edx, eax 

; put 32-bit result into DX:AX 

shr 

edx, 16 

» • • 

pop 

ds 

; restore caller's DS 

ret 


; return to caller 

FlatCall endp 



end 



; End of File 
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Integrate sophisticated features 
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applications. 
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C TOOLS PLUS version 6.0 is filled 
with many advanced routines for 
developing high-powered C applica¬ 
tions, including: virtual, stackable 
menus and windows with full mouse 
support and optional . 

“drop shadows”; multi- 
pie virtual pop-up /f 
help screens; a min- (( 
iature multi-line 
editor for gathering 
user responses in a Wjr 
robust fashion; a nIL 
single function call 
which can move, resize, 
and promote a window or 
menu on top of all others; the ' 
ability to update covered windows 
automatically when they are written 
to; support for EGA, VGA, and 
MCGA text modes including 30-, 43-, 
and 50-line modes; support for the 
enhanced (101/102 key) keyboard. 

All this and more for only $149! 
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Figure 2 
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BigApp Stack 

Windows' Stack 


DialogBoxQ function in Windows. 
When it needs to call the application's 
dialog function, Windows calls a 
t hunkoid (so called because it 
resembles a regular Windows thunk, 
but only slightly) that transfers control 
to a stepup transformer in order to 
reach the 32-bit dialog function. The 
returns from the dialog function to Win¬ 
dows and from DialogBoxQ to BigApp 
are similarly mediated. 

The stepdown transformer reformats 
the function arguments and eventual 
return value to account for the different 
word size and pointer layout used by 
Windows. Figure 3 illustrates the argu¬ 
ment stack STEPDOWN receives and the 
argument stack it must pass to the real 
DialogBoxQ function. STEPDOWN trans¬ 
lates the two integer arguments by 
truncating them to 16 bits. No informa¬ 
tion is lost because the arguments 
originated as 16-bit values that were 
widened by zero extension at some 
point in the past. STEPDOWN will trans¬ 
late the :32 IpTemplateName pointer 
into a 16:16 far pointer by using an alias 
selector. 

Handling Callbacks 
From Windows 

The crux of the DialogBoxQ illustra¬ 
tion is the thunkoid that allows 16-bit 
Windows code to reach the 32-bit 
dialog function. A thunkoid intercepts 
callbacks from Windows to a 32-bit 
subroutine and looks like this 

EXTRN STEPUP:FAR 

MOV AX, dataseg 
CALL STEPUP 

RET n 

DD 0FFSET32 callback 

The n in the return instruction and 
the name callback are placeholders for 
data that gets filled in dynamically. In 
this example, callback would be the 
flat address of the dialog function, and 
n would be 10 - the length of the argu¬ 
ments passed by a 16-bit call to the 
dialog function. 

BigApp creates the thunkoid by call¬ 
ing MakeProcInstanceQ. The runtime 
monitor intercepts this call, creates the 
thunkoid in free storage, and returns its 
flat address. BigApp then passes the 
thunkoid address as the last argument to 
DialogBoxQ. The stepdown transformer 
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translates the :32 flat address of the 
thunkoid into a 16:16 address and pas¬ 
ses the result along to the real Dialog- 
Box () function. 

When Windows later calls the dialog 
function, the thunkoid routes control to 
a generic stepup transformer in the 
runtime monitor. STEPUP reformats ar¬ 
guments and calls the 32-bit dialog 
function on its own 32-bit stack. It also 
reformats the return value and returns 
via the thunkoid, which pops the right 
number of argument bytes off the 
stack. 

Creating and using thunkoids is more 
complicated than the preceding sum¬ 
mary suggests. When the runtime 
monitor intercepts a call to MakeProc- 
Instancef), it is only able to create a 
skeleton thunkoid that contains the ad¬ 
dress of the target function. Information 
about the number and type of argu¬ 
ments and the return value from the 
target function are not available, how¬ 
ever. In addition, the flat address 
returned by the interceptor must be 
capable of being dereferenced as a 
function pointer by 32-bit code; there¬ 
fore, the thunkoid contains a 32-bit JMP 


instruction at a fixed offset from the 
beginning of the thunkoid. The 32-bit 
caller of MakeProcInstance() actually 
gets back the address of this JMP in¬ 
struction. 

Much of the work associated with 
thunkoids occurs when STEPDOWN 
handles an API call, such as Dialog- 
Box (), that requires a procedure in¬ 
stance address. Information about the 
arguments and return value of the ref¬ 
erenced procedure is implicit in the API 
call: every call to DialogBox(), for ex¬ 
ample, supplies a function that wants 

(HWND, WORD, WORD, DWORD) 

arguments and returns BOOL. STEPDOWN 
saves this knowledge in the thunkoid 
so that STEPUP can later find it STEP¬ 
DOWN also modifies the RET instruction 
in the thunkoid so that the right num¬ 
ber of argument bytes will be popped 
when STEPUP returns. 

Finally, the 16:16 thunkoid address 
passed along by STEPDOWN needs to be 
in a code segment rather than a data 
segment, but the thunkoid itself has to 
be modified by STEPDOWN using a data 


selector. Furthermore, the thunkoid 
must be located in a locked segment - 
one whose linear address will not 
change - because 32-bit code will be 
remembering only the thunkoid's linear 
address. For all these reasons, it is con¬ 
venient to put all thunkoids into the in¬ 
stance data segment for the monitor 
appliation. You use LockData() to lock 
this segment into a particular range of 
linear addresses, and you then use 
AllocDStoCSAlias() to create a code 
selector for later use in forming 
thunkoid addresses for use by Win¬ 
dows. 

Special Cases 

Although you can create the great 
bulk of the stepdown transformers 
mechanically from the prototypes in 
UINDOWS.H, there are a daunting num¬ 
ber of exceptions. Flere is a sampling: 

• Window functions are callbacks for 
which one never calls MakeProc- 
Instance(). You have to create and 
initialize the thunkoid by looking at 
the UNDCLASS structure whose ad¬ 
dress is passed in a call to Register- 
Class (). 
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• Several API’s use structures that contain far pointers. Not 
only does the address of the structure need to be trans¬ 
lated, but the pointers inside the structure do, too. In the 
architecture described in this article, pointers are the only 
parts of structures that the extender translates because the 
BigApp uses the 16-bit versions of all structures. 

• Some window messages (for example, WM_GETTEXT) use the 
IParam parameter of the window function call (which is 
usually a 32-bit integer) as a far pointer. 

• Some control messages (for example, EM_GETLINE) also use 
IParam as a pointer. You cannot spot these in a generic 
way because the message identifier is UM_USER plus a small 
integer and is the same as message numbers for other con¬ 
trols that do not require translation. 

There are many more problems like these, some of which 
you can only discover by trial and error. The most elegant of 
the Windows extenders deal automatically and transparently 
with the problems, leaving the application programmer free of 
burdensome details. 

Discussion 

The flat model architecture I described takes you part of 
the way to Windows 4. Public information about Windows 4 is 
rather sparse as this article goes to press, but industry ob¬ 
servers expect it to provide features like preemptive multi¬ 
tasking, threads, separate linear address spaces, named pipes, 
and so on, that are in OS/2 but cannot be readily simulated 
under DOS. Some changes in the 16-bit API will undoubtedly 
be made to accommodate the switch from 16-bit to 32-bit 


integers. For example, a function like GetCurrentPosition() 
that returns a coordinate pair as a packed DUORD in Windows 
3 would presumably be changed to use a store argument in¬ 
stead. A Windows extender that attempts to mimic Windows 
4, therefore, must deal with some difficult concepts and with 
several non-mechanical translation situations. 

Implementing an extender to let 32-bit code call into the 
16-bit API is obviously not a casual task. One has to write a 
relatively full-featured runtime loader as well a translation 
layer for about 500 different functions. It is worth emphasizing 
that WINMEM32 (or any other approach involving a nonzero- 
based selector) does not save any of this work and introduces 
the enormous complication of 16:32 far pointers throughout 
the application. If you are going to expend the effort to create 
stepdown and stepup transformers for a 32-bit application, I 
see no reason to give up the advantages of a zero-based flat 
address model. 

In summary, Windows 3 provides a framework within 
which you can develop 32-bit applications if you work at it. 
Using WINMEM32, you can easily splice single 32-bit sub¬ 
routines into a program to accomplish discrete tasks that are 
better done in a 32-bit environment. Finally, it is possible 
(though very difficult without expert help) to create complete 
Windows applications that run as zero-based, flat-model 
programs within the surrounding 16-bit environment of Win¬ 
dows 3. Commercial toolkits are becoming available to do the 
hardest parts of these jobs. Accordingly, I look forward to 
seeing greater use of 32-bit power in the world of Windows. □ 
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Using Spinlocks 
In A Symmetric 
Multiprocessing Environment 


Steve Jones 


Compaq’s SystemPro introduced multiprocessing to the PC 
marketplace. Today’s multiprocessing machines offer two, four, or 
even eight processor options. This article shows you how to safely 
harness the power of these extra processors. 

Writing code for multiprocessor machines in the MlSD (multiple in¬ 
struction stream, single data stream) family of parallel architectures is 
difficult without defining some kind of uniform computing model for 
the multiprocessor platform. Multiprocessor operating systems use 
two general models: symmetric multiprocessing (SMP) and asymmetric 
MP (AMP). 

Asymmetric multiprocessor machines are already in use today. 
Digital Equipment Corporation extended its VAX 780 model with a 
dual-CPU configuration called a VAX 782. The processors share 
memory and execute the same instruction set. In the 782, one proces¬ 
sor executes system calls, while the other executes user code. This 
design relieves the user processor from managing I/O system over¬ 
head. On the other hand, the extra processor provides no performance 
benefits for CPU-intensive jobs. In general, asymmetric architectures 
are easy to implement, and hide the details of the system’s multi¬ 
processing aspects from the user program. 

Symmetric multiprocessing is an entirely different story, in order to 
take full advantage of a machine’s multiple processors, the operating 
system implements a thread object that can be executed on any 
processor. Multiple threads from a program can execute in a round- 
robin fashion, as in OS/2, or in parallel on separate processors. This 
latter approach is used in Portable OS/2, SCO MPX (a multiprocessing 
variant of UNIX), and in the DOS clone operating system I am writing 
myself. 

If you have a multiprocessor machine today, it is actually fairly 
easy to take advantage of its extra processor(s). You need a multitask¬ 
ing scheduler that is aware of its MP environment (commonly referred 
to as “MP-aware" code), and you must use a special software object 
called a spinlock to synchronize events. 


Steve Jones has been developing operating systems for 10 years, start¬ 
ing Wendin’s software company and authoring the Operating System Tool¬ 
box, PCVMS, PCUN/X, and Wendin-DOS. After joining Microsoft he was the 
development lead for LAN Manager 386, wrote Jetbeui, Microsoft’s standard 
NetBIOS transport protocol, and also worked on the network software for 
Portable OS/2. In 1990, Steve started General Software, Inc, a company that 
produces a family of MS-DOS compatible operating systems for licensing to 
consultants and OEMs. Steve can be reached at General Software at (206) 
391-4285. 
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Listing 1 

;*** AllocateSpinLock - Allocate Spin (short term) Lock Object. 

; This macro is used to allocate a spin lock and store its 

; handle in a specified location. In the actual implementation, 

; this macro doesn't even call a package, but resets a spinlock 

; to a known state. The place where we store the handle IS the 

; spinlock. 

; Usage: AllocateSpinLock lock 

AllocateSpinLock MACRO lck 

mov lck, 0 ; initialize the lock. 

ENDM 

.*** DeallocateSpinLock - Deallocate Spin (short term) Lock Object. 

; This macro is used to deallocate a spin lock and return 

; it to the system. In this implementation, since the user's 

; handle storage actually serves as the lock itself, we don't 

; do anything here at all. If we change the implementation, then 

; the source can just be recompiled and the DeallocateSpinLock 

; calls will do something meaningful, like deallocating pool. 

; Usage: DeallocateSpinLock lock 

DeallocateSpinLock MACRO lck 

mov lck, 0 ; reset the lock. 

ENDM 

;*** AcquireSpinLock - Acquire Spin (short term) Lock. 

; This macro is used to acquire a spin lock in a multiprocessor 

; system so that access to a mutually-exclusive object can be 

; controlled in an MP-safe way. To setup a spinlock, initialize 

; it with the AllocateSpinLock macro. Then to acquire the lock, 

; use this macro. To free up the lock when you're done, use the 

; ReleaseSpinLock macro. 

; Usage: AcquireSpinLock lock [, scratch-reg] 

AcquireSpinLock MACRO lck, scr 


IF 

MULTIPROCESSOR 

IFIDN 

<scr>,<> 

push 

ax 


mov 

ax. 

1 

xchg 

lck, 

ax 

or 

ax, 

ax 

jnz 

@b 


pop 

ELSE 

ax 


mov 

scr, 

1 

xchg 

lck, 

scr 

or 

scr. 

scr 

jnz 

ENDIF 

ENDIF 

ENDM 

@b 



.*** ReleaseSpinLock - Release Spin (short term) Lock. 

; This macro is used to release a spin lock in a multiprocessor 

; system so that access to a mutually-exclusive object can be 

; controlled in an MP-safe way. To setup a spinlock, initialize 

; it with the AllocateSpinLock macro. To acquire the lock, use 

; AcquireSpinLock. To free up the lock when you're done, use 

; the ReleaseSpinLock macro. 

; Usage: ReleaseSpinLock lock 

ReleaseSpinLock MACRO lck 

IF MULTIPROCESSOR 

mov lck, 0 

ENDIF 
ENDM 

; End of File 


The spinlock object is an essential 
tool for writing MP-aware code. Con¬ 
sider the case where a program must 
implement a reference count on an ob¬ 
ject (the value in an unsigned integer is 
incremented when the object is in use 
and decremented when no longer 
used). If one processor increments the 
contents of the storage location with an 
ADD machine instruction while another 
processor decrements the contents of 
the storage location with a SUB 
machine instruction, the results will 
depend on the relative speeds of the 
processors, how their read and write 
cycles interleave, and so on. The sub-in¬ 
struction clock cycles that compose an 
instruction can interleave with another 
processor's. Without some mechanism 
for guarding data structures in general, 
chaos results. 

Implementing 
The Spinlock Object 

A spinlock is a storage location that 
can be accessed in a single bus cycle. In 
many machine architectures, including 
the 8086 family, this means the location 
must be appropriately aligned. A byte, 
word, or doubleword can be used as a 
spinlock object To run 16-bit MP code 
on an 80286 or better, I will use a word 
of storage. 

A spinlock package must include 
four different operations. First, there 
must be methods to allocate and to 
deallocate spinlocks. Next, there must 
be operations that acquire a spinlock 
and that release the spinlock. For per¬ 
formance reasons, my implementation 
requires the user of the package to 
reserve storage for the lock object 
manually, and also requires that the 
lock not move. 

Listing 1 provides the assembly 
macros for 80x86 assembly language 
programs. The assembly code in Listing 
2 is a spinlock package that supports 
large-model C programs. You can 
modify it to run with small model- 
programs by removing the FAR declara¬ 
tion in the DefProc macro. 

Even though the spinlock implemen¬ 
tation in this article simplifies the 
routines AllocateSpinLock and 
DeallocateSpinLock to no-operations, 
you should get into the habit of faith¬ 
fully calling these APIs in your programs 
that use spinlocks. If the package inter¬ 
nals change (for example, if the locks 
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themselves are maintained internally 
and handles are passed back and forth 
across the interface), then these 
routines would have to be called to do 
actual work. 

AcquireSpinLock is actually the API 
that makes multiprocessor code MP- 
safe. It executes the AcquireSpinLock 
macro, which performs the following 
simple but effective instruction se¬ 
quence: 

mov ax,l 
xchg spinlock, ax 
or ax, ax 
jnz @b 

A spinlock in the RELEASED state con¬ 
tains a zero value. A nonzero value indi¬ 
cates the ACQUIRED state. This code ex¬ 
changes the current state of the spin- 
lock with the ACQUIRED state. If the 
value returned in the AX register is zero, 
then the lock was previously in the 
RELEASED state, and at the same time 
was set to the ACQUIRED state by the 
XCHG instruction. Otherwise, if the value 
returned in the AX register is nonzero, 
then the lock was already in the AC¬ 


QUIRED state, so setting it again to the 
ACQUIRED state doesn't alter its state. 

In systems with many processors, 
placing an extra NOP instruction be¬ 
tween the XCHG instruction and the OR 
reduces write-through traffic through 
the competing processors’ data caches. 

The ReleaseSpinLock API simply 
clears the spinlock object to the 
RELEASED state, allowing other proces¬ 
sors in the above XCHG loop to acquire 
the lock. 

Using The Spinlock Package 

The fun really starts once you have 
assembled this package and linked it 
with your C or assembly language pro¬ 
gram. If you already know the machine- 
specific method for starting the second 
processor on your MP machine, you can 
immediately begin writing MP-safe 
programs in the DOS environment. Un¬ 
fortunately, the OS/2 environment does 
not yet support MP platforms because 
the multiple processors must share an 
IDT, LDT, and GDT. This is a difficult 
problem because the 80286 and above 
processors actually cache these struc¬ 
tures on-chip, resulting in cache- 


coherency problems across the proces¬ 
sors. For that reason, and because the 
OS/2 kernel isn't MP-safe (it doesn’t use 
spinlocks, for example), OS/2 multi¬ 
processor development should general¬ 
ly be ruled out for the near future. 

Using Spinlocks To Guard 
Structures, The BIOS, 

And DOS 

Assuming that you can supply the 
initialization code that turns on your 
“extra” processors and starts them ex¬ 
ecuting their own code paths, you can 
use the spinlock routines to guard ac¬ 
cess to your program’s structures and 
to other system resources, especially 
the BIOS and DOS. 

You should maintain one spinlock 
for DOS and one for the BIOS, to allow 
them to execute in parallel. Because 
DOS occasionally calls itself internally, 
you'll want to acquire the DOS spinlock 
yourself - not in an Int 22/i-catching 
ISR - before you call DOS, and then 
release the spinlock after Int 21h has 
returned. The same method should be 
used to guard the BIOS. Depending on 
the granularity of BIOS services you 


PC KEYBOARD 
DESIGN 


This book will tell you how to use the keyboard port as an 
input for your embedded system. It defines the protocol 
between the keyboard and computer for both the XT and 
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and buffering of keyswitches. Schematics cover the 
hardware design, and the accompanying diskette contains 
source code for the keyboard's internal controller. The 
hardware and firmware design example is for an automatic 
teller application. PC Keyboard Design, by Gary Konzak, 
is $249. 
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want your program to use, you may 
define several locks-, one for disk, one 
for the keyboard, and one for the 
screen. 

For programs that use the standard 
C libraries, you cannot assume that 
those libraries are not re-entrant, much 
less MP-safe. At the very least, use 
protected-mode OS/2 libraries where 
possible, and BIND your program. 

Since spinlocks actually spin through 
clock cycles and do not relinquish 
processor control to some other thread 
when they block, it is important to 
keep guarded regions of code as small 
as possible, even only a few instruc¬ 
tions. Typically, if your guarded code 
represents a small area of the vast ex¬ 
panse of the possible instruction path, 
the acquire operation will almost never 
have to spin, and when it does, it will 
spin for only a few cycles. 

Interrupt Time Use 
Of Spinlocks 

If your software will take interrupts, 
then you must consider that a proces¬ 
sor that has taken out a lock can be 
interrupted by some hardware event, 


Notice to TS 
Subscribers 


Occasionally, TECH Specialist 
makes its mailing list available to 
vendors of products we think our 
readers will find interesting. Cur¬ 
rent subscribers receive free in¬ 
formation in the mail from these 
vendors. 

If you prefer that your name 
not be used in these mailings, 
please let us know. Just copy or 
clip this form and send it with 
your name and address to: 


TECH. .. 
specialist. 


TECH Specialist 
2601 Iowa 

Lawrence, KS 66046 


Listing 2 


TITLE SPINLOCK - Spinlock Package for MP-Aware C Programs. 

;*** SPINLOCK - Spinlock Package for HP-Aware C Programs. 

• FUNCTIONAL DESCRIPTION. 

; This module is assembled to create an OBJ file that can be linked 

; with a large model C-language program to provide MP-aware spinlock 

; support. 

; MODIFICATION HISTORY. 

; S. E. Jones 91/04/05. Original. 

» 

; NOTICE: This code is hereby delivered to the public domain. 

; BUILD ENVIRONMENT. 

; MASM 5.10, no special switches. 

include spinlock.inc ; spinlock macros. 

DefProc MACRO rtn j macro used to define procedures. 

PUBLIC rtn 

rtn PR0C FAR 

ENDM 

EndProc MACRO rtn j macro used to end procedures, 

ret 

rtn ENDP 

ENDM 

SPINLOCK SEGMENT PARA PUBLIC 'CODE' 

.*** _A1locateSpinLock - Initialize Storage Area as Spinlock Object. 

; FUNCTIONAL DESCRIPTION. 

; This routine is called by large-model C routines to initialize 

; a word of storage as a spinlock object. The lock is set to the 

; released state. A return code is architected, even though it 

; is not used in this particular package. If the package is 

; changed to support spinlocks that are managed purely inside 

; the private part of this package, then it might be possible 

; to run out of handles to spinlocks. 

; ENTRY. 

; [bp+6,bp+8] - FWA, word of storage to format as spinlock object. 

; EXIT. 

; AX - 0 if success, else nonzero if failure. 

• USES. 

; none. 

ASSUME CS:SPINL0CK, DS:NOTHING, ES:N0THING, SS:N0THING 
DefProc _A1locateSpinLock 
push bp 

mov bp, sp 
push si 

push ds 

Ids si, [bp+6] ; (DS:SI) = FWA, storage. 

A1locateSpinLock <[si]> ; initialize the lock. 

sub ax, ax ; (AX) = 0, meaning success. 

pop ds 

pop si 

pop bp 

EndProc _A1locateSpinLock 

.*** _DeallocateSpinLock - Release Spinlock Object to System. 

; FUNCTIONAL DESCRIPTION. 

; This routine is called by large-model C routines to release 

; a word of storage used as a spinlock object. The lock is 

; released, although this operation is superfluous in this 

; particular implementation. Other implementations of this 

; package may actually require this routine to deallocate a 

; handle. 
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Listing 2 — Cont’d 


; ENTRY. 

; [bp+6,bp+8] - FWA, spinlock to deallocate. 

; EXIT. 

; AX - 0 if success, else nonzero if failure. 

; USES. 

; none. 

ASSUME CS:SPINLOCK, DS:NOTHING, ES:NOTHING, SS:NOTHING 
DefProc _DeallocateSpinLock 
push bp 

mov bp, sp 

push si 

push ds 

Ids si, [bp+6] ; (DS:SI) = FWA, storage. 

DeallocateSpinLock <[si]> ; deallocate the lock. 

sub ax, ax ; (AX) * 0, meaning success. 

pop ds 

pop si 

pop bp 

EndProc _DeallocateSpinLock 


_AcquireSpinLock - Acquire Spinlock for Exclusive Access. 
FUNCTIONAL DESCRIPTION. 

This routine is called by large-model C routines to acquire, 
or gain control of, a registered spinlock. This routine works 
by calling the AcquireSpinLock macro, which repeatedly issues 
an XCHG instruction on the lock with a nonzero value until a 
zero value is returned. Because Intel architecture guarantees 
that XCHG will issue a LOCK across the bus, other processors 
cannot interleave their XCHG cycles with ours. 

This routine disables interrupts so that ISRs can also use locks. 
If you don't need disabled interrupts, you should remove the CLI 
instruction at the start of this routine, and also remove the STI 
instruction at the end of the _ReleaseSpinLock routine. 

A return status code is provided because in some implementations, 
a spinlock's handle may be invalid. 

ENTRY. 

[bp+6,bp+8] - FWA, spinlock object. 

EXIT. 

AX - 0 if success, else nonzero if failure. 

USES. 

none. 


ASSUME CS:SPINLOCK, DSrNOTHING, ES:NOTHING, SS:NOTHING 


DefProc _AcquireSpinLock 
push bp 

mov bp, sp 

push si 

push ds 

Ids si, [bp+6] 

cl i 

AcquireSpinLock <[si]> 
sub ax, ax 

pop ds 

pop si 

pop bp 

EndProc _AcquireSpinLock 


(DS:SI) = FWA, storage. 
DISABLE INTERRUPTS, 
acquire the lock. 

(AX) = 0, meaning success. 


_ReleaseSpinLock - Release Spinlock to Other Processors. 

FUNCTIONAL DESCRIPTION. 

This routine is called by large-model C routines to release 
control of a previously-acquired spinlock. This routine works 
by calling the ReleaseSpinLock macro, which simply stores a 
zero in the lock in a single bus cycle. Because the store 
doesn't cause a read/modify/write cycle that could be interrupted, 
we're safe. 
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Listing 2 — Cont’d 


This routine disables interrupts so that ISRs can also use locks. 
If you don't need disabled interrupts, you should remove the STI 
instruction at the end of this routine, and also remove the CLI 
instruction at the beginning of the _AcquireSpinLock routine. 

ENTRY. 

[bp+6,bp+8] - FWA, spinlock object. 

EXIT. 

AX - 0 if success, else nonzero if failure. 

USES. 

none. 


ASSUME CSiSPINLOCK, DS:NOTHING, ES:NOTHING, SS:NOTHING 
DefProc _ReleaseSpinLock 
push bp 

mov bp, sp 

push si 

push ds 

Ids si, [bp+6] 

ReleaseSpinLock <[si]> 
sti 


sub 

pop 

pop 

pop 


ax, ax 
ds 
si 
bp 


(DS:SI) = FWA, storage, 
release the lock. 

ENABLE INTERRUPTS. 

(AX) = 0, meaning success. 


EndProc _ReleaseSpinLock 


SPINLOCK ENDS 


END 


; End of File 


and that the ISR may try to take out 
the same or another lock that is al¬ 
ready taken out. This sequence of 
events results in a processor deadlock¬ 
ing itself. If interrupt code will be able 
to acquire spinlocks, then both the 
task-time code and the interrupt-time 
code must disable interrupts before ac¬ 
quiring a spinlock, and leave them dis¬ 
abled until the spinlock has been 
released. Don’t forget that seemingly 
harmless instructions like POPF can ac¬ 
tually turn interrupts on for a moment 
and should therefore not be used in 
locked critical sections. 

Conclusion 

Within a couple of years, simple 
tools like spinlock will be a part of 
every programmer’s toolbox. A well- 
structured package that supports a 
machine-independent API is essential to 
making MP-safe programs portable. The 
time has come for programmers to con¬ 
sider MP issues even when writing 
software for non-MP platforms. □ 


Windows 3.0 


Call For Papers 

We are currently seeking articles related to Windows 3.0 development. Potential topics include, but are not 
limited to: 


• Multi-threading in Windows 

• A reusable Hue-Lightness-Saturation dialog box 

• How to use an edit control with large (64Kb) strings 

• A custom control for histograms 

• How to communicate with DOS apps 
from Windows 

• A better U IN STUB. EXE 


• An interactive tool for debugging DDE 

• A simple object-oriented graphics library 

• How to write an OLE application 

• A reusable printer setup dialog box 

• A User Report on Windows for Japan 

• Designing a DDE unit for TPW 

• How to perform high-speed animation in Windows 


If you are interested in writing about one of these topics or you have a related idea, please contact our 
editorial staff for author guidelines at (913) 841-1631. 


TECH. _ 
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The LOADALL 
Instruction 

Robert Collins 

Of the few undocumented instructions in the 80286 and 
80386 microprocessors, the LOADALL instruction is the most 
widely known. Nevertheless, very few people understand how 
to use it. Using LOADALL is not as simple as merely knowing 
the LOADALL opcode and its format, because knowing how to 
use LOADALL requires a knowledge of many aspects of the 
CPUs’ behavior that are not documented in their respective 
data sheets. 

The 286 LOADALL is widely known because a 15-page Intel 
confidential document describing its use was given to many 
developers. 286 LOADALL is so commonly used in production 
code that DOS 3.3 (and above) and OS/2 have provisions for 
using LOADALL built in them. Every 386 and 486 BIOS emulates 
286 LOADALL and even Microsoft CODEVIEW recognizes the 286 
LOADALL opcode and disassembles it. 

On the other hand, the 386 LOADALL is not widely known, 
and very few developers even know it exists. In this article, I 
will explain how to use both the 286 and 386 LOADALL instruc¬ 
tions and present source code to demonstrate the various 
aspects of CPU behavior that become apparent, or can be 
proven, when using LOADALL. 


Robert Collins is a Senior Firmware/BIOS engineer at Altos 
Computer Systems, Son Jose, CA. Robert mag be reached via 
email at .. .sun!altosLrcollins, rcollinsOaltos.COM or 
via phone at (408) 432-6200 X4356. 
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Table 1 

Phys. 




Addr. 

Description 

Size 

Value 

[800] 

None 

DW 

0 

[802] 

None 

DW 

0 

[804] 

None 

DW 

0 

[806] 

MSW 

DW 

? 

[808] 

None 

DW 

0 

[80A] 

None 

DW 

0 

[80C] 

None 

DW 

0 

[80 E] 

None 

DW 

0 

[810] 

None 

DW 

0 

[812] 

None 

DW 

0 

[814] 

None 

DW 

0 

[816] 

TR REG DW 

? 


[818] 

FLAGS DW 

? 


[81 A] 

IP 

DW 

7 

[81C] 

LDT REG DW 

? 


[8 IE] 

DS REG DW 

? 


[820] 

SS REG DW 

? 


[822] 

CS REG DW 

? 


[824] 

ES REG DW 

? 


[826] 

DI 

DW 

7 

[828] 

SI 

DW 

7 

[82A] 

BP 

DW 

? 

[82C] 

SP 

DW 

7 

[8E0] 

BP 

DW 

7 

[830] 

DX 

DW 

7 

[832] 

CX 

DW 

7 

[834] 

AX 

DW 

7 

[836] 

ES DESC 

DESC 

CACHE286 <?,?,?> 

[83C] 

CS DESC 

DESC 

CACHE286 <?,?,?> 

[842] 

SS DESC 

DESC 

CACHE286 <?,?,?> 

[848] 

DS DESC 

DESC 

CACHE286 <?,?,?> 

[84 E] 

GDT DESC 

DESC 

CACHE286 <0,?,?> 

[854] 

LDT DESC 

DESC 

CACHE286 <?,?,?> 

[85A] 

IDT DESC 

DESC 

CACHE286 <0,?,?> 

[860] 

TSS DESC 

DESC 

CACHE286 <?,?,?> 

[866] 

END OF TABLE 



DESC 

CACHE286 STRUC 




Addr A15 A00 

DW 

7 


Addr A23 A16 

DB 

7 


Access 

DB 

7 


Limit 

DW 

7 


ENDS 




80286 LOADALL 

Data Structure Format 


Intel originally included LOADALL in 
the CPU mask for testing purposes and 
In Circuit Emulator (ICE) support. As its 
name implies, LOADALL loads all of the 
CPU registers, including the “hidden" 
software-invisible registers. At the com¬ 
pletion of a LOADALL instruction, the en¬ 
tire CPU state is defined according to 
the LOADALL data table. LOADALL loads 
all of the software-visible registers such 
as AX, and ail of the software-invisible 
registers such as the segment descrip¬ 
tor caches. 

By manipulating the descriptor cache 
base registers, you can access the en¬ 
tire address space without switching to 
protected mode. In other words, by 
using LOADALL, you can access memory 
above 1Mb from real mode. Since the 
alternative method for the 286 (switch¬ 
ing to protected mode, accessing the 
desired memory, then resetting the CPU 
- the only way to get the 286 back to 
real mode) has a significant perfor¬ 
mance penalty, LOADALL is most sig¬ 
nificant to 286 programmers. LOADALL 
provides them with a new capability 
that is not available by any other 
means. 



◄ 

▼ 
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Table 2 

Offset: Description: 

0-2 24-bit physical address of the segment in memory. 

These bytes are stored in standard Intel format with 
the least significant byte at the lowest memory 
address. 

3 Access rights. The format of this byte is the same as 
that in the descriptor table. This access byte is 
loaded in the descriptor cache register regardless of 
its validity. Therefore the "present" bit in the 
access rights field becomes a "descriptor valid" bit. 
When this bit is cleared, the descriptor is considered 
invalid, and any memory reference using this descriptor 
generates exception 13, with error code 0. The 
Descriptor Privilege Level (DPL) of the SS and CS 
descriptor caches determines the Current Privilege Level 
(CPL). The CS descriptor cache may be loaded as a 
read/write data segment. 

4-5 Segment limit. The standard 16-bit segment limit 
stored in standard Intel format. 


2(a) 80286 Descriptor Cache Entry Formats 


Offset: Description: 

0-2 24-bit physical address of the segment in memory. 

3 Should be 0. 

4-5 Segment limit. 


2(b) GDT and IDT Descriptor Cache Entry Formats 




Magic TSR Toolkit 

Write complete memory 
resident programs that require 
as little as 2K of RAM by 
swapping to EMS or disk. 

No secrets: complete assembly 
language source code and 
tutorial provided 


Quantasm Power Lib 

• Over 400 fast, compact 
assembly language routines 

• Overlapping windows in less 
than 3K 

• Over 100 string and numeric 
functions 

• Menus, date, time, sound 
and more! 

Magic TSR Toolkit. . .$199.95 


Power Lib. 99.95 

Power Lib w/source. . 299.95 
ASMFLOW. 99.95 


Shipping & Handling: U.S. $5; Foreign $15 
CA res. add sales tax 
VISA and MasterCard accepted 
30-day money back guarantee 


MUI 



19855 Stevens Creek Blvd., Suite 154 
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Table 3 



Offset 

Description 


Size 

Value 


[00] 

CR0 


DD 

? 


[04] 

EFLAGS 


DD 

? 


[08] 

EIP 


DD 

? 


[0C] 

EDI 


DD 

? 


[10] 

ESI 


DD 

? 


[14] 

EBP 


DD 

? 


[18] 

ESP 


DD 

? 


[1C] 

EBX 


DD 

? 


[20] 

EDX 


DD 

7 


[24] 

ECX 


DD 

7 


[28] 

EAX 


DD 

7 


[2C] 

DR6 


DD 

7 


[30] 

DR7 


DD 

7 


[34] 

TR REG 


REG STRUC 

<?> 


[38] 

LDT REG 


REG STRUC 

<?> 


[3C] 

GS REG 


REG STRUC 

<?> 


[40] 

FS REG 


REG STRUC 

<?> 


[44] 

DS REG 


REG STRUC 

<?> 


[48] 

SS REG 


REG STRUC 

<?> 


[4C] 

CS REG 


REG STRUC 

<?> 


[50] 

ES REG 


REG STRUC 

<?> 


[54] 

TSS DESC 


DESC CACHE 

<?,? 

,?> 

[60] 

IDT DESC 


DESC CACHE 

<0,? 

,?> 

[6C] 

GDT DESC 


DESC CACHE 

<0,? 

,?> 

[78] 

LDT DESC 


DESC CACHE 

<?,? 

,?> 

[84] 

GS DESC 


DESC CACHE 

<?,? 

,?> 

[90] 

FS DESC 


DESC CACHE 

<?,? 

,?> 

[9C] 

DS DESC 


DESC CACHE 

<?,? 

,?> 

[A8] 

SS DESC 


DESC CACHE 

<?,? 

,?> 

[B4] 

CS DESC 


DESC CACHE 

<?,? 

,?> 

[CO] 

ES DESC 


DESC CACHE 

<?,? 

,?> 

[CC] 

LENGTH OF TABLE 




+- 


—+- 



-+ 

REG STRUC STRUC 

1 

DESC CACHE 

STRUC 

REG 

VAL DW ? 

1 

DB 

0 


DW 0 

1 

_Type 

DB 

7 

ENDS 


1 

DB 

0 



l 

DB 

0 



l 

Addr 

DD 

7 



1 

Limit 

DD 

7 



l 

ENDS 



+- 


—+- 



-+ 


80386 LOADALL Data Structure Format 


LOAD ALL Details 

LOADALL is closely coupled with the 
CPU hardware. Both the 286 and 386 
have different internal hardware and 
Intel implemented LOADALL using dif¬ 
ferent opcodes on the 286 and 386. 
80286 LOADALL (opcode 0F05) produces 
an invalid opcode exception when ex¬ 
ecuted on the 386, and 80386 LOADALL 
(opcode 0F07) produces an invalid op¬ 
code exception when executed on the 
286. 

LOADALL loads all CPU registers (in¬ 
cluding MSU, GDTR, CSBASE, ESACCESS) 
from a memory image. You can ex¬ 
ecute LOADALL in real or protected 
mode, but only at privilege level 0 
(CPL=0). If you execute LOADALL at any 
other privilege level, the CPU generates 
an exception. 

By directly loading the descriptor 
cache registers with LOADALL, a program 
has explicit control over the base ad¬ 
dress, segment limit, and access rights 
associated with each memory segment. 
Normally, the CPU loads these values 
each time it loads a segment register, 
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Table 4 


Offset Description 

0-3 Access rights. The access rights dword consumes 11 

bits of this 32-bit field. See figure 2 for a complete 
description of this field. 


4-7 32-bit base address of the segment in memory. 

8-11 32-bit segment limit. 

(a) 80386 Descriptor Cache Entries 

Offset Description 


0-3 

4-7 

8-11 


Should be 0. 

32-bit base address of GDTR or IDTR. 
32-bit limit of GDTR or IDTR. 


(b) GDT and IDT Descriptor Cache Entry Formats 


FRAME: 


TYPE: 


ADDRESS: 


DATA 

BE3# 

BE2# 

BE1# 

BEO# 


Figure 1 

The FRAME number is like a clock count for the CPU. At 
every CPU clock, the ICE takes a picture. When a valid 
cycle occurs, the ICE records its occurance. Therefore, 
it is possible to determine how many CPU clocks a 
sequence of instructions takes to execute by reading 
this information. 

Cycle type. Shown here are F=Fetch, R=Read, and 
X=eXecute. 

The 32-bit address asserted on the CPU address bus 
during each cycle. 

The data asserted on the CPU data bus during each cycle. 
Byte Enable pins on the CPU. These pins determine which 
bytes of the 32-bits of data are valid. These pins are 
active low, so 8-bits of data are valid for each 'O'. 


W/R#: 

Write/Read. 

Write =1 

,Read=0 

D/C#: 

Data/Code 

Data =1 

,Code=0 

M/10# 

Memory/10 

Memory=l 

,10 =0 




WDM 

FRAME 


BBBB 

III 

1 

ADDRESS DATA EEEE 

RCI 

| TYPE 


3210 

0 

dec 

hex hex 

#### 

### 

5 F 0000DE40 B490070F 0000 

001 


8 X executed 2 bytes at DE40L 


LOADALL fetched 
LOADALL begins execution 


ICE Trace of 386 LOADALL 


DOS 

Documented 

Microsoft 


MS-DOS 

Programmer’s Reference 



Updated to 
MS-DOS version 5! 


The Microsoft guide to MS-DOS® 
internals is back. This exclusive guide is 
now updated to include all versions of DOS 
from 3.3 through 5.0. This is the DOS 
book that gets used! Now available 
wherever computer books are sold. 

Or order directly from Microsoft Press. 

$24.95 

To place your credit card order, call 

1-800-MSPRESS. 

8am to 5pm Central Time. 

Refer to ad AHG. 



The Authorized Editions 

Microsoft Press, One Microsoft Way, 
Redmond, WA 98052-6399. 

$32.95 in Canada. 

Call Macmillan Canada.416-293-8141 . 
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Figure 1 


11 

R 

0000D8F0 

01010101 

0000 

Oil 

13 

R 

0000D8F4 

02020202 

0000 

Oil 

15 

R 

0000D8F8 

03030303 

0000 

Oil 

17 

R 

0000D8FC 

04040404 

0000 

Oil 

19 

R 

0000D900 

05050505 

0000 

Oil 

21 

R 

0000D904 

06060606 

0000 

Oil 

23 

R 

0000D908 

07070707 

0000 

Oil 

25 

R 

0000D90C 

08080808 

0000 

on 

27 

R 

0000D91O 

09090909 

0000 

Oil 

29 

R 

0000D914 

0A0A0A0A 

0000 

Oil 

31 

R 

0000D7F0 

7FFFFFE0 

0000 

on 

33 

R 

0000D7F4 

00000002 

0000 

Oil 

35 

R 

OOOOD7F8 

00000133 

0000 

Oil 

37 

R 

0OO0D7FC 

66666666 

0000 

Oil 

39 

R 

0000D800 

77777777 

0000 

Oil 

41 

R 

0000D804 

55555555 

0000 

Oil 

43 

R 

0000D808 

88888888 

0000 

Oil 

45 

R 

0000D80C 

22222222 

0000 

Oil 

47 

R 

OOOOD810 

44444444 

0000 

Oil 

49 

R 

0000D814 

33333333 

0000 

Oil 

51 

R 

0000D818 

11111111 

0000 

Oil 

53 

R 

0000D81C 

FFFF0FF0 

0000 

Oil 

55 

R 

0000D820 

0000D402 

0000 

Oil 

57 

R 

0000D824 

xxxxOOOO 

1100 

Oil 

59 

R 

0000D828 

xxxxOOOO 

1100 

Oil 

61 

R 

0000D82C 

xxxx5555 

1100 

Oil 

63 

R 

0000D830 

xxxx4444 

1100 

Oil 

65 

R 

0000D834 

xxxx2222 

1100 

Oil 

67 

R 

0000D838 

xxxx6666 

1100 

Oil 

69 

R 

0000D83C 

xxxxllll 

1100 

Oil 

71 

R 

0000D840 

xxxx3333 

1100 

Oil 

73 

R 

0000D844 

00008900 

0000 

Oil 

75 

R 

0000D848 

00070000 

0000 

Oil 

77 

R 

0000D84C 

00000800 

0000 

Oil 

79 

R 

0000D850 

00000000 

0000 

Oil 

81 

R 

0000D854 

00000000 

0000 

Oil 

83 

R 

0000D858 

000003FF 

0000 

Oil 

85 

R 

0000D85C 

00000000 

0000 

Oil 

87 

R 

0000D860 

00000000 

0000 

Oil 

CT> 

CO 

R 

0000D864 

00000000 

0000 

Oil 

91 

R 

0000D868 

00008200 

0000 

Oil 

93 

R 

0000D86C 

00090000 

0000 

Oil 

95 

R 

0000D870 

00000088 

0000 

on 

97 

R 

0000D874 

00008300 

0000 

Oil 

99 

R 

0000D878 

00050000 

0000 

Oil 

101 

R 

0000D87C 

0000FFFF 

0000 

Oil 

103 

R 

0000D880 

00009300 

0000 

Oil 

105 

R 

0000D884 

00040000 

0000 

Oil 

107 

R 

0000D888 

0000FFFF 

0000 

Oil 

109 

R 

0000D88C 

00009300 

0000 

Oil 

111 

R 

0000D890 

00020000 

0000 

on 

113 

R 

0000D894 

0000FFFF 

0000 

Oil 

115 

R 

0000D898 

00009300 

0000 

Oil 

117 

R 

0000D89C 

00060000 

0000 

Oil 

119 

R 

0000D8A0 

0000FFFF 

0000 

Oil 


Cont’d 

\ 

\ 

\ The 10 "mystery" 

\ reads, exactly 

\ lOOh bytes beyond 

/ the beginning of 

/ the LOADALL table 

/ 

/ 

/ 

CRO 

EFLAGS 

EIP 

EDI 

ESI 

EBP 

ESP 

EBX 

EDX 

ECX 

EAX 

DR6 

DR7 

TR Register 

LDTRegister 

GS Register 

FS Register 

DS Register 

SS Register 

CS Register 

ES Register 

TSS Descriptor Cache 


IDT Descriptor Cache 


GDT Descriptor Cache 


LDT Descriptor Cache 


GS Descriptor Cache 


FS Descriptor Cache 


DS Descriptor Cache 


SS Descriptor Cache 


but LOADALL allows you to load these 
hidden registers independently of their 
segment register counterparts. 

In real mode, LOADALL makes it pos¬ 
sible to access a memory segment that 
is not associated with any segment 
register. Likewise in protected mode, 
you can access memory that has no 
descriptor table entry. 

LOADALL performs no protection 
checks against any of the loaded 
register values. When you execute it at 
CPL 0, LOADALL can generate no excep¬ 
tions. The segment access rights and 
limit portions may be values that would 
otherwise be illegal in the context of 
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Figure 1 

-Cont’d 

121 R 

0000D8A4 

OOOO9B00 

0000 

Oil 

| cs 

Descriptor Cache 

123 R 

0000D8A8 

0000DD30 

0000 

Oil 

1 


125 R 

0000D8AC 

0000FFFF 

0000 

Oil 

1 


127 R 

0000D8B0 

00009300 

0000 

Oil 

1 ES 

Descriptor Cache 

129 R 

0000D8B4 

00030000 

0000 

Oil 

1 


131 R 

0000D8B8 

00FFFFFF 

0000 

Oil 

1 



Figure 2 


4 3 3 32 2 222 2 2 0 
7 2 1 09 8 765 4 3 0 
+-+-+—+.+-+.+-+ 

116-bit Li mi11P|DPL|S|Type|A124-bit base addr| 
+-+-+—+_+-+.+-+ 


(a) 80286 Descriptor Cache Register 


3 2 2 22 2 111 1 1 1 1 0 Bit 

1 4 3 21 0 987 6 5 4 3 0 Offset 

+—+-+—+.+-+.+.+_+ — + 

| 0 |P|DPL|S|Type|A101D | 0 | 

+ — +-+ — +.+ - +.+.+_+ — + 

6 3 Bit 

3 2 Offset 

+ - + 

| 32-bit physical address | 

+ - + 

9 6 Bit 

5 4 Offset 

+ - + 

| 32-bit segment limit 
+-+ 

P \ 

DPL | 

S > See the appropriate Intel reference 

Type > manuals for a description of these 

A | fields. 

D / 


(b) 80386/80486 Descriptor Cache Register 


Descriptor Cache Layout 



MULTITASKING 

KERNEL 


8086/88, 80x86/88 80386 

Z80, 64180, 8080/85 68000/10/20 

■ Fast, reliable operation 

■ Compact and ROMable 

■ PC peripheral support 

■ DOS file access 

■ C language support 

■ Preemptive scheduler 

■ Time slicing available 

■ Configuration Builder 

■ Complete documentation 

■ Intertask messages 

■ Message exchanges 

■ Dynamic operations 

— task create/delete 

— task priorities 

— memory allocation 

■ Event Manager 

■ Semaphore Manager 

■ List Manager 

■ InSight™ Debugging Tool 


THE BEST 

Join over 600 developers such as 
IBM®, Xerox, Hewlett Packard, 
Hayes, Hughes Aircraft and NASA. 

CHOOSE AMX 

The best low-cost, high-performance 
real-time multitasking system 
available today. 


No Royalties 
Source Code Included 


Demo Disk and 

Manual only $75 US Call lor prices for 
AMX 86 $3000 US other processors. 

(Shipping/handling extra) 

IBM is a registered trademark of IBM Corp. 

Z80 is a trademark of Zilog, Inc. 

AMX. AMX 86, InSight are trademarks of 
KADAK Products Ltd. 




KADAK Products Ltd. 

206-1847 West Broadway 
Vancouver, B.C., Canada 
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« Telephone: (604) 734-2796 
IF Fax: (604)734-8114 
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Figure 3 


Descriptor Cache contents: Real-Mode 


Operand size(*)- 

Granular: ty (*)- 

Accessed- 

Read/Write- 

Expansion direction 

Executable- 

Code/Data Segment?- 
Privilege level---- 
Present- 


+ 


Base Addr Limit 
.+-+- 


CS |16xSeg. Reg.|OOOOffffh|Y|00|Y|N|U|Y|Y|-|H| 

— + - + - +-+ — 

SS |16xSeg. Reg.| Honored |H| H|Y|H|H|H|Y|-|-| 
—+-+-+_+— 


DS |16xSeg. Reg.| Honored |H| H|Y|H|H|H|Y|-|-| 
—+-+-+-+— 


ES |16xSeg. Reg.| Honored |H| H|Y|H|H|H|Y|-|-| 

FS |16xSeg. Reg.| Honored |H| H|Y|H|H|H|Y|-|-| 

— + - + - +-+ — 

GS |16xSeg. Reg.| Honored |H| H|Y|H|H|H|Y|-|-| 
—+-+- 


Y=Yes (1) 

N=No (0) 

U=Up (0) 

B=Byte (0) (*)=386 and 486 only 

S=16-bit (0) (*)=386 and 486 only 

H=Honored. Whenever the segment gets loaded, 
the contents of this field don't 
change. 

-=Not applicable 


Real Mode Descriptor Cache Contents 


real mode or protected mode, but 
LOADALL willingly loads these values 
with no checks. Once loaded, however, 
the CPU performs full access checks 
when accessing a segment. For ex¬ 
ample, you can load a segment whose 
access is marked “not present.” Normal¬ 
ly, this condition would generate excep¬ 
tion 11, “segment not present”, but 
LOADALL does not generate exception 
11. Instead, any attempt to access this 
segment will generate exception 13. 

LOADALL does not check coherency 
between the software-visible segment 
registers and the software-invisible seg¬ 
ment descriptor cache registers. Any 
segment descriptor base register may 
point to any area in the CPU address 
space, while the software-visible seg¬ 
ment register may contain any other 
arbitrary value. The CPU makes all 
memory references according to the 
descriptor cache registers, not the 
software-visible segment registers. All 
subsequent segment register loads will 
reload the descriptor cache register. Be¬ 
ware of using values in CS that do not 
perfectly match a code segment 
descriptor table entry, or a real mode 
code segment - an interrupt return 
(IRET) may either cause an exception or 
execution to resume at an unexpected 
location. Likewise, pushing and sub¬ 
sequently popping any segment register 
will force the descriptor cache register 
to reload according to the CPU's con¬ 
ventional protocol, thereby inhibiting 
any further real mode extended 
memory references. 
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Descriptor Cache Registers 

Whether in real or protected mode, the CPU stores the 
base address of each segment in hidden registers 
called descriptor cache registers. Each time the CPU 
loads a segment register, the segment base address, 
segment size limit, and access attributes (access rights) 
are loaded, or "cached,” into these hidden registers. To 
enhance performance, the CPU makes all subsequent 
memory references via the descriptor cache registers 
instead of calculating the physical address, or looking 
up the base address in the descriptor table. Under¬ 
standing the role of these hidden registers is 
paramount for exploiting highly advanced programming 
techniques, and for exploiting the undocumented 
LOADALL instruction. Figure 2a shows the descriptor 
cache layout for the 80286, and Figure 2b shows the 
layout for the 80386, and 80486. 

At power-up, the descriptor cache registers are 
loaded with fixed, default values; the CPU is in real¬ 
mode, and all segments are marked as read/write data 
segments, including the code segment ( CS ). According 
to Intel, each time the CPU loads a segment register in 
real-mode, the base address is 16 times the segment 
value, while the access rights and size limit attributes 
are given fixed, “real-mode compatible” values. This is 
not true. In fact, only the CS descriptor cache access 
rights get loaded with fixed values each time the seg¬ 
ment register is loaded - and even then only when a 
far jump is encountered. Loading any other segment 
register in real mode does not change the access rights 
or the segment size limit attributes stored in the 
descriptor cache registers. For these segments, the ac¬ 
cess rights and segment size limit attributes are 
honored from any previous setting (see Figure 3). Thus 
it is possible to have a four gigabyte, read-only data 
segment in real mode on the 80386, but Intel will not 
acknowledge, or support this mode of operation. 

Protected mode differs from real mode in this 
respect: each time the CPU loads a segment register, it 
fully loads the descriptor cache register-, no previous 
values are honored. The CPU loads the descriptor ache 
directly from the descriptor table. The CPU checks the 
validity of the segment by testing the access rights in 
the descriptor table, and illegal values will generate ex¬ 
ceptions. Any attempt to load CS with a read/write 
data segment will generate a protection error. 
Likewise, any attempt to load a data segment register 
as an executable segment will also generate an excep¬ 
tion. The CPU enforces these protection rules very 
strictly. If the descriptor table entry passes all the tests, 
then the CPU loads the descriptor cache register. □ 
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286LOAD.ASM Copyright (c) 1991 Robert Collins 

This program demonstrates various aspects of CPU 
behavior that become apparent when using LOADALL. 

Test 1: Checks that LOADALL loads all the general- 

purpose registers; loads the segment registers 
with values that are inconsistent to their 
respective descriptor cache registers. 

Test 2: Access extended memory in real mode. 

Test 3: Tests that the Present bit in a descriptor 
table can be loaded using LOADALL without 
generating exception 11. But when the segment 
is accessed, exception 13 is generated. 

NOTE: This test should be done in protected 
mode, but can be done in real mode. 1) In real 
mode, no error code is pushed on the stack 
(possibly due to a bug in the CPU). 2) Also 
in real mode, when this program is emulated on 
a '386, the '386 fails to set the Present bit 
when any subsequent segment in loaded. This 
latter condition is clearly a bug in the '386. 

This program was written for Microsoft MASM 5.1, and 
MS DOS 3.3. This program contains compiler directives 
and branching techniques that might not be available 
on previous versions of the Macro Assembler, nor in 
competitive products. If this program is executed on 
any version of DOS prior to 3.3, it will most certainaly 
cause the system to crash. No attempt is made in this 
program to be compatible with previous versions of DOS, 
but compatibility can be done, and is left as an 
exercise to the reader. 


Listing 1 


Es 

dw 

3333h 

Di 

dw 

6666h 

Si 

dw 

7777h 

Bp 

dw 

5555h 

Sp 

dw 

8888h 

Bx 

dw 

2222H 

Dx 

dw 

4444h 

_Cx 

dw 

3333h 

Ax 

dw 

llllh 

ESDesc 

db 

00,00,03,93h,0ffh,0ffh 

CS~Desc 

db 

00,00,00,9bh,0ffh,0ffh 

SS Desc 

db 

00,00,04,93h,0ffh,0ffh 

DS_Desc 

db 

00,00,02,93h,0ffh,0ffh 

Gdt_Desc 

db 

00,00,00,00h,000h,000h 

Ldt_Desc 

db 

00,00,06,82h,088h,000h 

Idt Desc 

db 

00,00,00,00h,0ffh,003h 

TSSJJesc 

db 

00,00,05,89h,000h,008h 

Loadall_Struc ENDS 




Descriptor STRUC 



Seg limit 

dw 

? ; Segment limit 

Base A15 A00 

dw 

? ; A00..A15 of base address 

Base_A23_A16 

db 

? ; A16..A23 of base address 

Access rights 

db 

? ; Segment access rights 

Limit_A19_A16 

db 

? ; Granularity, Op-size, 



; Limit A16..A19 

Base_A31_A24 

db 

? ; A24..A31 of base address 


Descriptor ENDS 


INT_Desc STRUC 





IGate Offset 

dw 

? 

» 

Offset of handler 

CSEGSel 

dw 

7 

t 

Code segment selector 


db 

0 




db 

86h 

t 

286 interrupt gate-16bit 




t 

CSrIP, FLAGS 

Resvd 

tut ^ rune 

dw 

0 

» 

Reserved-0 


Compiler directives 


Macro definitions 


Title 

LOADALL 286 

FARJMP MACRO 

destination,selector 

; dynamic JMP FAR SEG:OFF 

•radix 

16 

db 

Oeah 

;; jmp instruction 

.8086 


dw 

offset destination 

;; offset word 



dw 

selector 

;; segment selector word 



endm 




Interrupt vector segment 


ABSO segment at 0 

org 06h*4 

INT6 

dd 

7 

; INT 06h vector 

org 0467h 

PM_Ret_off dw 

? 

t 

; PM Return address 
Offset 

PM_Ret_seg 

dw 

7 

; Segment 

org 800h 

Loadall Locn 

label 

word 

; LOADALL table loc 


ABSO ends 


Structure definitions 


Desc cache STRUC 


;; Hidden descriptor cache 

A15 AOO dw 

7 

;; format. 

A23_A16 db 

7 


_Type db 

7 


_Limit dw 
Desc_cache ENDS 

7 



Loadall_struc STRUC 


;; LOADALL memory image format 


dw 

3 dup 

(0) 

_Msw 

dw 

0 



dw 

7 dup 

(0) 

_Tr 

dw 

0 


Flags 

dw 

2 


”lp 

dw 

0 


Ldt 

dw 

0 


~Ds 

dw 

2222h 


Ss 

dw 

4444h 


"Cs 

dw 

llllh 



I0_DELAY MACRO 

out Oedh.ax 
endm 


LOADALL 

mov 

mov 

mov 

mov 

mov 

rep 

db 

ENDM 


MACRO 

cx.ABSO 

es,cx 

cx,(size Loadall_struc) / 2 

si,offset Loadall tbl 

di,800h 

movsw 

0fh,05 


PRINT_STRING 

mov 

mov 

int 

ENDM 


MACRO MSG_NAME 
ah,9 

dx,offset MSG_NAME 
21 h 


_DATA 

SEGMENT PARA PUBLIC 'DATA' 

Equates & local 

variables 


Protected mode 

access rights 


CS access 

equ 

10011011b 

DS_access 

equ 

10010011b 

Text equates 

CRLF 

equ 

<0dh,0ah> 

CRLF$ 

equ 

<CRLF,'$'> 
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80286 LOADALL 

You encode the 80286 LOADALL as a two-byte opcode, 
0F05h. LOADALL reads its table from a fixed memory location 
at 800h (80:0 in real-mode addressing). LOADALL performs '51 
bus cycles (WORD cycles), and takes 195 clocks with no wait 
states. Table 1 shows the format you must prepare at location 
800h before executing the 286 LOADALL instruction. All CPU 
register entries in the LOADALL table conform to the standard 
Intel format, where the least significant byte is at the lowest 
memory address. Table 2 shows the 286 format of the 
descriptor cache entries. 

Intel recommends some guidelines for proper execution 
following LOADALL. The stack segment should be a read/write 
data segment; the code segment can be execute only (ac- 
cess=95h), read/execute (access=9bh), or read/write/execute 
(access=93h). Proper protected mode operation also requires 
that the DPL of CS and DPL of SS be equal. These attributes 
determine the CPL of the processor. Also, the DPL fields of ES 
and DS should be equal to 3 to prevent RETF or IRET instruc¬ 
tions from zeroing these registers. 

The code in Listing 1 demonstrates how to explore the 
various operating modes with 286 LOADALL and how to access 
extended memory while in real mode. The LOADALL test per¬ 
forms various functions that would be impossible to duplicate 
without using LOADALL (see Listing 4 for common code to 
detea the CPU type). 


INT6 

Listing 1 — Cont’d 

equ [bp-4] 

; Conditional compilation. Set USE 386*1 if you plan to execute 

; this program on a 

'386 using EMUL0AD. 


USE_386 

equ 

0 


; Loadall table(s) 

Loadall tbl 

Loadall struc o 


Machine_State Loadall_struc o 


; Global Descriptor Table 

GOT 286 Descriptor 

<Gdt2 len-l,,,DS access> 

CSEG2 Descriptor 

<0ffffh,,,CS access> 

CS 

DSEG2 Descriptor 

<0ffffh,,,DS access> 

DS 

Gdt2_len 

equ 

S-Gdt_286 


; Interrupt Descriptor Table 

IDT 286 INT Desc 

<0ffset INT13.CSEG2-GDT 286> 

INT00 

INT Desc 

<0ffset INT13.CSEG2-GDT 286> 

INT01 

INT Desc 

<0ffset INT13.CSEG2-GDT 286> 

INT02 

INT Desc 

<0ffset INT13.CSEG2-GDT 286> 

INT03 

INT Desc 

<0ffset INT13.CSEG2-GDT 286> 

INT04 

INT Desc 

<0ffset INT13.CSEG2-GDT 286> 

INT05 

INT Desc 

<0ffset INT13.CSEG2-GDT 286> 

INT06 

INT Desc 

<0ffset INT13.CSEG2-GDT 286> 

INT07 

INT Desc 

<0ffset INT13.CSEG2-GDT 286> 

INT08 

INT Desc 

<0ffset INT13.CSEG2-GDT 286> 

INT09 

INT Desc 

<0ffset INT13.CSEG2-GDT 286> 

INTOa 

INT Desc 

<0ffset INT13.CSEG2-GDT 286> 

INTOb 

INT Desc 

<0ffset INT13.CSEG2-GDT 286> 

INTOc 

INT Desc 

<0ffset INT13.CSEG2-GDT 286> 

INTOd 
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Listing 1 

— Cont’d 



IDT2 Len 

equ S-IDT 286 

I----------- 





mov 

ax,cs 

; Prepare 24-bit 




mov 

es,ax 

; physical address that 


Mi sc. local 

variables 

mov 

si ,0 

; is put in the LOADALL 




cal 1 

Calc pm address 

; descriptor cache 

Mem buffer 

db 400h dup (0) 

mov 

Loadall tbl.CS Desc.A15 AOO.ax ; entry. 

Results 

dw 0 

mov 

Loadall tbl.CS Desc.A23 A16,dl 

18259 1 

db ? ; Status for master device 

smsw 

ax 


i8259 2 

db ? ; Status of slave device 

mov 

Loadall tbl. Msw.ax 




mov 

Loadall tbl. Ip,offset Verify State 



mov 

word ptr cs:stack ptr,sp ; save SS:SP 




mov 

word ptr cs:stack ptr[2],ss 


String Messages 

LOADALL 


; If LOADALL Is removed 




nop 


; from the CPU mask, 

Passed db 

" PASSED.",CRLF$ 

Print String failed 

; then fall through 

Failed db 

"— > FAILED <— ",CRLF$ 

Print String Rmvd 

; to here. 

Not 286 db 

"Not 80286 class computer.",CRLF$ 




Rmvd db 

"LOADALL removed from 80286 mask.",CRLF$ 

Loadall RET: 



RFail db 

"Registers weren't loaded correctly." 

call 

Restore state 


LF db 

CRLFS 






IFE 

USE 386 





cal 1 

set INT6 vector 

; set our INT6 handler 


I'm doing this wierd string definition technique to limit the 

leave 




page width to 64 characters. 

ENDIF 




est 1 label 

word 

retf 



db "Test 

1: Testing 286 LOADALL instruction: ",24 




Test 2 label 

word 

»------- 

Verify State: 

; Verify that LOADALL worked 

db "Test 

2: Testing extended memory In real mode: ",24 

t 





; This is where 

we land for the first 

test of '286 LOADALL. 

Test 3 label 

word 

; The purpose of this test is to verify that all the general 

db "Test 

3: Testing Present BIT in descriptor: ",24 

; purpose registers get loaded correctly. Specifically, we are 



; testing to verify that all segment registers contain values 

DATA ends 


; that don't correspond to the memory addresses they appear to 




; be pointing to. In other words, we 

are checking that the 



; that the segment registers have one 

value, while their 

TEXT 

SEGMENT PARA PUBLIC 'CODE' 

; associated hidden descriptor cache registers have different 

ASSUME CS: TEXT, DS: DATA, ES: DATA, SS:STACK 

; values. 



.286p 








cmp 

ax.llllh 

; Test AX 


A little CS- 

relative data for the stack pointer. This is 

jne 

@F 



to avoid using other kludge techniques, caused by using 

cmp 

bx,2222h 

; Test BX 


LOADALL, that make using the data segment undesirable. 

jne 

@F 





cmp 

cx,3333h 

; Test CX 

Stack 

ptr dw 0 

jne 

@F 



dw 0 

cmp 

dx,4444h 

; Test DX 



jne 

@F 


;——- 


cmp bp,5555h 

; Test BP 

LOADALL 286 

proc far 

jne 

@F 




cmp 

di,6666h 

; Test DI 

PUSH 

DS ; Setup the stack to 

jne 

@F 


XOR 

AX,AX ; return to DOS 

cmp 

si ,7777h 

; Test SI 

PUSH 

AX 

jne 

@F 




cmp 

sp,8888h 

; Test SP 

MOV 

AX, Data 

jne 

short @F 


MOV 

DS,AX 

mov 

ax,cs 

; Test CS 

MOV 

ES.AX 

cmp 

ax.llllh 




Jne 

short @F 





mov 

ax,ds 

; Test DS 


Check CPU type, and set up a minimal invalid opcode handler 

cmp 

ax,2222h 



in case LOADALL has been removed from the CPU mask. 

jne 

short @F 





mov 

ax.es 

; Test ES 

IFE 

USE 386 

cmp 

ax,3333h 


Call 

CPU Type ; 286, 386? 

jne 

short @F 


cmp 

ax,2 ; 286? 

mov 

ax.ss 

; Test SS 

Je 

short @F ; yep 

cmp 

ax,4444h 


Print String LF 

jne 

short @F 


Print String Not 286 

cmp 

word ptr ds:[0],0202h 

; Test DS Desc Cache 

retf 

; go split 

jne 

short @F 




cmp 

word ptr es:[0],0303h 

; Test ES Desc Cache 

enter 

4,0 ; create stack frame 

jne 

short 0F 


mov 

word ptr INT6,offset INT6 handler 

cmp 

word ptr ss:[0],0404h 

; Test SS Desc Cache 

mov 

INT6[2],cs 

jne 

short §F 


call 

set INT6 vector ; set our INT6 handler 

mov 

ax, Data 


ENDIF 


mov 

ds.ax 




mov 

es,ax 


cli 





Call 

Save State ; Save the current CPU 

mov 

ax,cs:stack ptr[2] 


Print String LF ; state 

mov 

ss.ax 


Print String Test 1 

mov 

sp,cs:stack ptr 




FARJMP 

<@Testl_Pass>,<seg _Text> 




; Loadall failed the REGISTERS test. 



TEST1: Real 

mode 

• "" 




Test general purpose registers 

mov 

ax,_Data 



Test Segment registers 

mov 

ds.ax 



Test Descriptor cache base address 

mov 

es.ax 





mov 

ax,cs:stack ptr[2] 



(1) Setup LOADALL structures, and pointers 

mov 

ss.ax 



(2) Execute 

LOADALL 

mov 

sp,cs:stack ptr 



(3) Verify results of the test 

FARJMP 

<@F>,<seg _Text> 
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80386 LOADALL 

The 386 LOADALL is encoded as a two-byte opcode (OF07). 
Unlike the 286 LOADALL, this LOADALL instruction reads its data 
from a table pointed to by ES:EDI. Segment overrides are al¬ 
lowed, but apparently ignored. The 386 LOADALL performs 51 
bus cycles (DWORD cycles) and takes 122 clocks with no wait 
states. Table 3 shows the 386 LOADALL format. However, Table 
3 does not show that prior to reading the LOADALL table, 
LOADALL reads 10 DWORDs exactly 10Oh bytes beyond the 
beginning of the table ( ES:EDI+100h ). This data is not used to 
load any of the registers LOADALL does not load (CR2, CR3, 
DR0-DR3, TR6, TR7), or the Numeric Processor extension (NPX). 
At this time, the purpose of reading this data and its destina¬ 
tion is a mystery. Figure 1 shows an ICE trace showing all the 
bus cycles associated with LOADALL' s execution. 

As with the 286 LOADALL, all CPU register entries in the 
LOADALL table are in the standard Intel format where the least 
significant byte is at the lowest memory address. The 386 
descriptor cache entries have the format shown in Table 4. 

Listing 2 shows how to test 386 LOADALL. This test is more 
comprehensive than the 286 LOADALL test because of the ex¬ 
panded capabilities of the 386 microprocessor. This test puts 
the CPU into various states that are illegal and are impossible 
to duplicate through any other software means. 


Listing 1 — Cont’d 

Print_Str1ng failed 
Pr1nt_String RFall 
jmp loadalljret 


LOADALL passed 


@Testl_Pass: 

Pr1nt_Str1ng passed 


TEST2: Access extended memory while in real mode. 

(1) Enable A20 

(2) Save contents of extended memory 

(3) Write data pattern in extended memory 

(4) Set IP & ES descriptor cache pointing to extended memory 

(5) LOADALL 

(6) Verify results 

(7) Restore original data in extended memory 


Print String Test 2 
Call 
mov 
mov 
mov 
mov 
mov 
rep 
mov 
mov 
mov 
mov 
rep 
mov 
mov 
mov 
mov 
mov 
mov 
mov 


Enable_Gate20 

bx.Offffh 

ds,bx 

si,10h 

di,offset Mem_buffer 

cx,400h / 2 

movsw 

ax t 5aa5h 

es,bx 

cx,400h / 2 

di,10h 

stosw 

ax,_data 

ds.ax 

Loadall_tbl._AX,5aa5h 
Loadall tbl._CX,400h / 
Loadall_tbl._DI,Oh 
Loadall_tbl._SP,sp 
Loadall_tbl._IP,offset 


Enable extended memory 
Point to extended mem. 
as FFFFrOOlO 


lk data block to test 
save extended memory 
test pattern 
point to extended mem. 


store pattern in mem. 


save SP 
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Listing 1 —Cont’d 


mov Loadall_tbl.ES_Desc.A15_A00,00 
mov Loadall_tbl.ES Desc.A23~A16,10 
LOADALL 




repz scasw ; data match? 

lahf ; get flags 

mov bx,_Data 

mov ds.bx 

mov cx.Offffh 

mov es.cx 

mov cx,400h / 2 

mov si,offset Mem_buffer 

mov dl.lOh 

rep movsw ; restore data 

mov es.bx 

mov cx,cs:stack_ptr[2] 

mov ss.cx 

FARJMP <@F>,<seg _Text> 

sahf ; restore flags 

jz @Test2 Pass 

PRINT_STRING ' failed 
jmp Loadall_RET 


@Test2_Pass: 

” PRINT_STRING passed 


TEST3: Test that the Present bit gets loaded w/out exception, 
but when a segment is accessed INT13 get generated. 

If LOADALL works even remotely like we think it does, 
then this test will work in REAL MODE! And as this 
test was originally programmed, it did! However, I 
was doing my testing by emulating *286 LOADALL with 
'386 LOADALL, where I could use an ICE for debug 
purposes. The code worked on a '286, but failed on a 
'386! I found that the '386 fails to clear the 
Present bit in the descriptor cache register when a 
segment register is loaded in real mode. This Is 
obviously a bug In the '386. Since the CPU is in a 
state that can never be duplicated under any program 
control, except by using LOADALL (Present-0), the bug 
will never be manifested in any production code. As a 
result, I reprogramed this example to use protected 
mode so it would work on both the '286 and '386. 

(1) Prepare GDT & IDT descriptor cache registers and 
descriptor tables, & segment selectors 

(2) Set protected mode bit, clear Present bit, set IP 

(3) Save the 8259 masks, set the PM return address, and set 
CMOS shutdown-5 

(4) LOADALL 

(5) Generate the exception 

(6) Reset ES to a valid segment selector & save results of 
test. 

(7) Reset the CPU, restore 8259 masks, inhibit A20 from the 
CPU bus, restore segment registers to real mode values. 

(8) Verify the results 


Test Present bit: verify that P-0 in a descriptor cache 
register will, even in REAL MODE, will generate an exception 
13 when trying to access memory 


Test3: Print String Test 3 

mov 

ax,_Data 

mov 

es,ax 

mov 

si ,0 

call 

Calc pm address 

mov 

DSEG2.Base A15 AOO.ax 

mov 

DSEG2.Base~A23_A16,dl 

add 

ax,offset GDT 286 

adc 

dl ,0 

mov 

Loadall tbl.GDT Desc.A15 AOO.ax 

mov 

Loadall tbl.GDT Desc.A23~A16,dl 

mov 

Loadall tbl.GDT Desc. Limit,GDT2 Len-1 

mov 

si,offset IDT_286 

call 

Calc pm address 

mov 

Loadall~tbl.IDT Desc.A15 AOO.ax 

mov 

Loadall tbl.IDT Desc.A23 A16,dl 

mov 

LoadaH~tbl.IDT~Desc. Limit,IDT2 Len-1 

mov 

ax,_TEXT 

mov 

es,ax 

mov 

si ,0 

call 

Calc pm address 

mov 

CSEG2.Base A15 AOO.ax 

mov 

CSEG2.Base~A23 A16,dl 

mov 

Loadalltbl._CS,CSEG2-GDT_286 

or 

Loadall_tbl._MSW,l 


and Loadall_tbl.ES_Desc._Type,7fh ; Clear P bit 


mov 

Loadall_tbl._IP,offset @PM_286 ; Set IP 


Call 

Get INT Status 

save PIC masks 


mov 

ax,offset @RM 286 

save real mode 

return 

Call 

SetPM_RET_addr 

address 


Call 

Set_shutdown_type 

set shutdown i 

CMOS 

LOADALL 




@PM_286:mov 

al,es:[di][2] 



mov 

ax,DSEG2-GDT_286 



mov 

es.ax 



mov 

ES:Results,di 



jmp 

RESET_CPU 



@RM_286:mov 

ax,cs:stack_ptr[2] 



mov 

ss.ax 



mov 

sp,cs:stack_ptr 



mov 

ax,_Data 



mov 

ds,ax 



mov 

es.ax 



cal 1 

Set INT Status 



call 

Shut_A20 



mov 

di.Results 

If an exception 13 was 

test 

di ,1 

generated, then the 

jnz 

@F 

low bit of DI 

is set 


Print_String failed 

jmp Loadal 1_RET 

; Test failed 

Print_String passed 

; Test passed 

jmp Loadall RET 


L0ADALL_286 endp 



; Minimal exception 13 handler that points past a 4-byte opcode, 

; and sets the lowest bit in DI before returning. 

INT13 

label word 

push 

bp 

mov 

bp.sp 

add 

word ptr [bp][4],4 

or 

di.l 

pop 

bp 

add 

sp.2 

iret 



Equates & local 

variables 



I/O Ports 

Mstrmsk 

equ 

021h ; 

8259 master mask addr 

KBC CTL 

equ 

060h ; 

8042 control port 

KBC STAT 

equ 

064h ; 8042 status port 

Cmos index 

equ 

070h ; 

CMOS address port 

Cmos data 

equ 

071h ; 

CMOS data port 

Slv msk 

equ 

Oalh 

8259 slave mask addr 


CMOS RAM 

Shut down 

equ 

OOfh 

; CMOS index for shutdwn 

Type5 

equ 

5 

; Shutdown type-5 

Keyboard Controller 

inpt buf full 

equ 

2 

; Input buffer full 

Shutdown CMD 

equ 

Ofeh 

; Shutdown CMD for KBC 

enable bit20 

equ 

Odfh 

; enable A20 command 

disable_bit20 

equ 

Oddh 

; disable A20 command 


RESET_CPU:; Resets the CPU by sending a shutdown command to 
the keyboard controller. 


; Input: None 
; Output: None 

; Register(s) modified: Doesn't matter, the CPU is reset 


mov 

al,Shutdown CMD 

; get shutdown command 

out 

KBC_STAT,al 

; send command to shutdown CPU 

cl 1 


; disable interrupts so that 
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LOADALL Emulation 

Due to the large number of systems programs that use 286 
LOADALL, all 386 and 486 BIOSs must emulate the 286 LOADALL 
instruction (opcode 0F05). On the 386 and 486, the 286 
LOADALL instruction generates an invalid opcode exception. 
The BIOS traps this exception and does its best to emulate the 
functionality of the LOADALL instruction, but perfect emulation 
is impossible without using LOADALL itself. Using 386 LOADALL 
to emulate 286 LOADALL can be done, but has its risks. First of 
all, the 486 does not have a LOADALL instruction. Second, Intel 
has threatened to remove LOADALL from the 386 mask. 

Perfect emulation is possible on the 386 by using 386 
LOADALL to emulate 286 LOADALL. Listing 3 shows a TSR pro¬ 
gram that uses 386 LOADALL to emulate 286 LOADALL. The pro¬ 
gram first tests that you are a 386 before installing itself. By 
using this emulation program, you can guarantee perfect 286 
LOADALL emulation. 

Conclusion 

LOADALL is a very powerful instruction, but the features 
that make it so powerful also make it risky. For example, 
LOADALL can put the processor in states that are otherwise 
impossible to duplicate through any other software means. 
Using LOADALL requires a thorough understanding of how the 
CPU processes register loads, the ramifications of those register 
loads, and careful planning. The illegally induced processor 
states can easily cause system crashes if not properly planned 
for. The best way to avoid system crashes is to avoid using 


Listing i — Cont’d 

; an INT can't come through 
; before the CPU resets 


SETPM_ 

RET_ADDR 

Save the real-mode return address @ 40:67 
from protected mode. 

Input: 

CS:AX 

- Return address from PM. 


DS 

■ Better darn well have a PM segment selectorl 
(Or else Kablooiel) 

Output 

None 


Register(s) modified: None 


Setpm_ret_addr proc near 


push dx ; save it 

push ds 

mov dx.ABSO ; 

mov ds,dx 

ASSUME DSrABSO 

mov DS:PM_Ret_off,ax 

mov DS:PM Ret seg.cs 

ASSUME DS:_DATA 
pop ds 

pop dx 

ret 

Setpm_ret_addr endp 


Get_INT_status: 

Saves the master and slave mask register 
contents from the 8259 interrupt controller. 

Input: DS 

- DATA SEGMENT 

Output: i8259 1 

■ Status of master device 

18259 2 

■ Status of slave device 

Register(s) modified: None 

Get_int_status 

proc near 


> j 

'ui 


'V' y i. 


Tired of the Way CONFIGSYS Boots You Around? 


BOOTCON 



/A 1 


l. I, <- ■, 'It 
• ,'V? 


Then Give Your CONFIG.SYS the Boot-With BOOTCON. 

. . it's bulletproof... The interface is well thought out. You need this program." 
Dr. Jerry Pournelle, Byte, July 1990 

"Highly recommended." 

John C. Dvorak, PC Magazine, July 1990 

How many CONFIG.SYS and AUTOEXEC.BAT combinations do you have on your 
PC? BOOTCON eliminates the confusion by storing all your configuration 
information in just one set of configuration files. Each time you boot your PC 
you can select the configuration you want to use from a menu of up to 26 
choices. 

BOOTCON is ideal when you need to use conflicting programs such as Windows 
3.0, QEMM/386, 386max, Soft-ICE, and Lotus 123. A default configuration will 
automatically be used if you do not make a selection within the specified time-out 
period. BOOTCON also provides an optional password protection feature. 

BOOTCON lists for $59.95. 


EH MODULAR 

SOFTWARE SYSTEMS 


(818) 440-9104 FAX (818) 440 9240 

115 W. California Blvd. Suite #113, Pasadena, CA 91105 




- I 


im 


BOOTCON comes on both 5 1/4' and 3 1/2' disks. It has an unconditional 30-day money-back guarantee. MS-DOS or PC-DOS 3.10 or later is required. 

Windows and MS-DOS are trademarks of Microsoft Corporation. PC-DOS is a trademark of International Business Machines Corporation. QEMM/386 is a trademark of Quarterdeck C 
Systems. 386 MAX is a trademark of Qualitas Corporation. Soft-ICE is a trademark of Nu-Mega Technologies. Lotus and 123 are trademarks of Lotus Development Corporation. 


□ Request 186 on Reader Service Card □ 


October 1991 


TECH Specialist — Page 35 



















Listing 1 — Cont’d 


push ax 


or 

al ,a1 

; was command accepted? 

In al.mstrmsk 

; get master PIC mask 

jz 

A20_Shut 

; go if yes 

mov 18259 l,al 


stc 


; set error flag 

I0_Delay 

; I/O delay 




In al,s1v msk 

; get slave PIC mask 

A20_Shut: 



mov i8259_2,al 


pop 

ax 


pop ax 


ret 


; exit 

ret 

; exit 

Shut_a20 

endp 



Get Int status endp 


Set_INT_status: Restores the interrupt status of the 8259A 
programmable interrupt controller (PIC). 


Input: i8259_l ■ Status of master device 

i8259_2 ■ Status of slave device 
DS ” • _DATA SEGMENT 
Output: None 

Register(s) modified: None 


Set int status proc near 


pushf 


; save interrupt flag 

cli 


; we REALLY don't want an Int 
; to come through while we are 

push 

ax 

; reprogramming the PIC masks 

mov 

al,i8259_1 


out 

mstrmsk,a1 

; restore master PIC mask 

10 Delay 

; I/O delay 

mov 

al,18259_2 


out 

slvjnsk.al 

; restore slave PIC mask 

pop 

ax 


popf 


; restore interrupt flag 

ret 


; exit 

status 

endp 



SET SHUTDOWN_TYPE: Set the processor shutdown type-5 in CMOS. 


Input: None 

Output: None 

Register(s) modified: None 


Set_shutdown_type proc near 


pushf ; 

ell 

push ax 

mov al,shut_down 
out cmos_index,al 

I0_Delay 

mov al,Type5 

out cmos_data,al 

pop ax 

popf 

ret 

set_shutdown_type endp 


save interrupt status 

; disable ints so somebody else 
; doesn't do this right now 

; Set shutdown byte 
; to shut down x05. 

; I/O delay 
• 

; CMOS data port 


Enable_gate20: Turn on A20, and check for errors. 


Input: None 

Output: CY-ERROR 
Register(s) modified: None 


Enable_gate20 proc near 


push 

ax 


mov 

ah,enable_b1t20 

; gate address bit 20 on 

Call 

Gate_A20 


or 

al ,aT 

; command accepted? 

jz 

A20_0K 

; go If yes 

stc 


; set error flag 

A20_0K: pop 

ax 


ret 


; exit 

Enable_gate20 

endp 



SHUT A20: Disable A20 from CPU address BUS. 


Input: None 

Output: CY-ERROR 
Register(s) modified: None 


Shut a20 proc near 


push ax 

mov ah,disable bit20 ; gate address bit 20 on 

Call Gate_A20 


GATE A20: This routine controls a signal which gates address 
line 20 (A20). The gate A20 signal Is an output of 
of the 8042 slave processor (keyboard controller). 

A20 should be gated on before entering protected 
mode, to allow addressing of the entire 16M address 
space of the 80286, or 4G address space of the 
80386 & 80486. It should be gated off after 
entering real mode — from protected mode. 


Input: AH - DD --> A20 gated off (A20 always 0) 

AH - DF —> A20 gated on (CPU controls A20) 

Output: AL - 0 --> Operation successful 

AL - 2 —> Operation failed, 8042 can't accept cmd 

Register(s) modified: AX 

Gate_a20 

proc near 


pushf 


save interrupt status 

cli 


disable ints while using 8042 

Call 

Empty 8042 

insure 8042 input buffer empty 

jnz 

A20 Fail 

ret: 8042 unable to accept cmd 

10 Delay 

I/O Delay 

mov 

al.ODlh 

8042 cmd to write output port 

out 

KBC STAT.al 

output cmd to 8042 

Call 

Empty 8042 

wait for 8042 to accept cmd 

jnz 

A20 Fail 

ret: 8042 unable to accept cmd 

mov 

al ,ah 

8042 port data 

out 

KBC CTL,al 

output port data to 8042 

Call 

Empty 8042 

wait for 8042 to port data 

push 

CX 

save it 

mov 

cx,14h 


@DLY: 10 Delay 

Wait for KBC to execute the 

loop 

@DLY 

command, (about 25uS) 

pop 

CX 

restore it 

A20 Fail: 

popf 

ret 


restore flags 

Gate a20 

endp 



EMPTY 8042: This routine waits for the 8042 buffer to empty. 


Input: None 

Output: AL - 0, 8042 input buffer empty: ZF 

AL - 2, Time out; 8042 buffer full: NZ 
Register(s) modified: AX 


8042 

proc near 

push 

CX 

xor 

cx,cx ; 

10 Delay ; 

In 

al.KBC STAT ; 

and 

al,inpt buf full; 

loopnz 

T ry_KBC ; 

pop 

cx ; 

ret 



Try KBC: 


save CX 

CX-0: timeout value 


read 8042 status port 
input buffer full flag (Dl) 
loop until Input buffer empty 
or timeout 
restore CX 


Empty 8042 endp 


CALC_PM_ADDRESS: Calculate 32-bit protected mode address. 

Used for building descriptor tables. 


Input: ES:SI - Real mode address 

Output: DX:AX - 32-bit linear address 
Register(s) modified: AX, DX 


Calc_pm_address proc near 

mov 

ax,es 

point to control block 

xor 

dh.dh 

clear upper register 

mov 

dl.ah 

build high byte of 32-bit addr 

shr 

dl ,4 

use only high nibble from (AX) 

shl 

ax, 4 

strip high nibble from segment 

add 

ax,si 

add GDT offset for low word 

adc 

dx,0 

adj high byte If CY from low 

ret 


back to calling program 
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LOADALL unless you are totally confident in your under¬ 
standing of the CPU and in your programming skills. 

The 286 LOADALL is described in a 15-page Intel-confidential 
document The document describes in detail how to use the 
instruction, and also describes many of its possible uses. 
LOADALL can be used to access extended memory while in 
real mode, and to emulate real mode while in protected 
mode. Programs such as RAMDRIVE, ABOVEDISC, and OS/2 use 
LOADALL. DOS 3.3 has provisions for using LOADALL by leaving a 
102-byte 'hole' at 80:0. If you are a systems programmer and 
have a need to know this information, Intel will provide it 
along with source code to emulate 286 LOADALL on the 386 
(without using 386 LOADALL). 

Unlike the 286 LOADALL, the 386 LOADALL is still an Intel top 
secret I do not know of any document that describes its use, 
format, or acknowledges its existence. Very few people at 
Intel will acknowledge that LOADALL even exists in the 80386 
mask. The official Intel line is that doe to U.S. Military pres¬ 
sure, LOADALL was removed from the 80386 mask over a year 
ago. However, running the program in Listing 2 demonstrates 
that LOADALL is alive, well, and still available on the latest 
stepping of the 80386. □ 


ASSOCIATE 
TECHNICAL EDITORS 
NEEDED! 

R&D Publications, Inc. is seeking technical ad¬ 
visors to the company to primarily support the edit¬ 
ing function as ASSOCIATE EDITORS. Other 
duties may include internal software development, 
internal software maintenance, Xenix system ad¬ 
ministration, internal technical training, customer 
referrals, internal consultation for software / 
hardware puchases, book and new product develop¬ 
ment. 

Depending on your background, the position’s 
responsibilities may include any of the above areas. 
If these duties interest you and you’re willing to 
relocate to Lawrence, Kansas, please submit a 
cover letter and resume to Kelly Calvert, HR 
Manager, 2601 Iowa, Lawrence, KS 66046. 



publications, inc. 


Listing 1 — Cont’d 

calc_pm_address endp 

Save state 

proc near ; Save the machine state before 

; 

; LOADALL 

push 

ax 

push 

ds 

mov 

si ,0 

mov 

di,offset Machine State.ES Desc 

mov 

ax,3000h ; ES descriptor 

mov 

ds,ax 

mov 

bx,0303h 

movsw 


mov 

word ptr [si-2],bx 

add 

ax,1000h ; SS descriptor 

add 

bx,0101h 

mov 

si ,0 

add 

di.Oah 

mov 

ds.ax 

movsw 


mov 

word ptr [si-2],bx 

sub 

ax,2000h ; DS descriptor 

sub 

bx,0202h 

mov 

si ,0 

add 

di ,4 

mov 

ds,ax 

movsw 


mov 

word ptr [si-2],bx 

pop 

ds 

smsw 

ax 

mov 

Machine State. Msw.ax 

pushf 


pop 

ax 

mov 

Machine State. Flags,ax 

pop 

ax 



MULTITASKING DOS IN 
YOUR EMBEDDED SYSTEM! 

EMBEDDED DOS™ -Thefull- 
■ - featured, real-time, fully-reentrant, 
MS-DOS 3.31-compatible DOS 
that packs power and performance 
matching dedicated real-time 
executives. 

GS #401, Embedded DOS 
Adaptation Kit $495/kit 


■ Uvt 

WRITING DEVICE DRIVERS 
IS A SNAP WITH 
DEVICE DRIVER TOOLKIT! 


With the complete source to 
Embedded DOS's device drivers 
at hand, you'll have a head start 
on your next device driver project 
with this model code! 

GS #407, Embedded DOS 
Device Driver Toolkit $175/kit 



I 

t'V- 

& 


MAKE YOUR OWN DISKETTES 
BOOTABLE WITH 
BOOTER TOOLKIT! 

This fascinating software construction 
set provides the tools you need to 
explore the world of bootable systems 
for the PC, including a multitasking 
scheduler, a file system, and a 
windowing manager, complete with 
full source code so you can really 
understand how it works. 


BUILD UP YOUR OWN 
ARSENAL OF UTILITY 
PROGRAMS WITH OUR 
UTILITY TOOLKIT! 

Explore and enhance these 
major DOS utilities (written 
in C) to build your own 
custom environment - or 
better, company-wide 
environment! 






□ Request 102 on Reader Service Card □ 

TECH Specialist — Page 37 


October 1991 





















Listing 1 — Cont’d 

mov Machine State. DI,di 

mov 

Machine State. SI,si 

mov 

Machine State. BP,bp 

mov 

Machine State. BX,bx 

mov 

Machine State. DX,dx 

mov 

Machine State. CX.cx 

mov 

Machine State. AX,ax 

mov 

ax,ds 

mov 

Machine_State,_DS,ax 

mov 

ax,es 

mov 

Machine State. ES,ax 

ret 


Save_state 

endp 

* 

Restore state 

proc near ; Restore the machine state 

• 

; after LOADALL 

• 

mov 

ax, data 

mov 

ds,ax 

mov 

ax,3000h ; ES 

mov 

es,ax 

mov 

si,offset Machine State.DS Desc 

mov 

di ,0 

movsw 


add 

ax,1000h ; SS 

add 

si,0ah 

mov 

di ,0 

mov 

es,ax 

movsw 


sub 

ax,2000h ; DS 

add 

si.4 

mov 

di ,0 

mov 

es,ax 

movsw 


mov 

ax,Machine_State._ES 

mov 

es,ax 

mov 

ax,Machine State. DS 

mov 

ds,ax 

mov 

ax,Machine_State._Flags 

push 

ax 

popf 


mov 

ax,Machine_State._Msw 

lmsw 

ax 

mov 

ax,Machine State. AX 

mov 

cx,Machine State. CX 

mov 

dx,Machine State. DX 

mov 

bx,Machine State. BX 

mov 

bp,Machine State. BP 

mov 

si.Machine State. SI 

mov 

di,Machine State. DI 

ret 


Restore_State 

endp 

IFE 

USE_386 

; Include the CPU_TYPE procedure & LOADALL test 

Include CPU 

TYPE.ASM 

ENDIF 


_text ends 


stack 

segment para stack 'stack' 

db 

400h dup (0) 

stack 

ends 

end 

L0ADALL_286 

; End of File 



Listing 2 


Page 60.132 


386LOAD.ASH Copyright (c) 1991 Robert Collins 

This program demonstrates various aspects of CPU 
behavior that become apparent when using LOADALL. 

Test 1: Checks that LOADALL loads all the general- 

purpose registers; loads the segment registers 
with values that are inconsistent to their 
respective descriptor cache registers. 

Test 2: Access extended memory in real mode. 

Test 3: Tests that the Present bit in a descriptor 
table can be loaded using LOADALL without 
generating exception 11. But when the segment 
is accessed, exception 13 is generated. 

NOTE: This test should be done in protected 
mode, but can be done in real mode. 1) In real 
mode, no error code is pushed on the stack 
(possibly due to a bug in the CPU). 2) Also, 
when this test is executed in real-mode, the 
'386 fails to set the Present bit when the 
segment is subsequently loaded. This latter 
condition is clearly a bug in the *386. 

Test 4: Test 32-bit protected mode. 

Test 5: Test 32-bit real mode — a mode that is an 
illegal mode for the CPU. 

Test 6: Test that the Granularity bit in the descriptor 
cache register has no affect on the segment 
limit field. 

Test 7: Test execution breakpoints. 

Test 8: Test data breakpoints. 

This program was written for Microsoft MASH 5.1. 

This program contains compiler directives and branching 
techniques that might not be available on previous 
versions of the Macro Assembler, nor in competitive 
products. 


Compiler directives 


Title L0ADALL_386 

.radix 16 

.8086 


Interrupt vector segment 


ABSO segment at 0 

org 6*4 

INT_6 dd 7 

ABSO ends 


Structure definitions 


Desc_cache 

STRUC 

db 

0 

Type 

db 

7 

_CS32 

db 

0 


db 

0 

_Addr 

dd 

7 

_L1mit 

dd 

7 

Desc_cache 

ENDS 



Loadall struc STRUC 
_CrO 

dd 

0 

_Eflags 

dd 

2 

Eip 

dd 

0 

Edi 

dd 

66666666b 

"Esi 

dd 

77777777b 

~Ebp 

dd 

55555555b 

Esp 

dd 

88888888h 

_Ebx 

dd 

22222222b 
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Listing 2 — Cont’d 


Edx 


dd 


44444444h 

Resvd 

dw 0 ; Reserved-0 

Ecx 


dd 


33333333b 

INT Desc ENDS 


Eax 


dd 


llllllllh 




Dr6 


dd 


0 





Dr7 

~Tr 


dd 

dd 









0 


; Macro definitions 


Ldt 

Gs 


dd 

dd 









5555h 

Init descriptor macro segment,offset,desc name 

Fs 


dd 


4444h 

push 

ax 


Ds 


dd 


2222h 

push 

dx 


Ss 


dd 


6666h 

push 

si 


Cs 


dd 


llllh 

push 

es 


Es 


dd 


3333b 

mov 

ax,&segment 

; get segment name 

TSS Desc 


dd 


00008900h,00070000h,00000800h 

mov 

es,ax 

; to form 24 bit address 

IDT Desc 


dd 


00000000h,00000000h,000003ffh 

mov 

si,&offset 


Gdt Desc 


dd 


OOOOOOOOh, OOOOOOOOh, OOOOOOOOh 

mov 

ax.es 

point to control block 

Ldt Desc 


dd 


00008200h,00090000b,00000088b 

xor 

dh.dh 

clear upper register 

GS Desc 


dd 


00009300b,00050000b,OOOOffffh 

mov 

dl,ah 

build high byte of 32-bit address 

FS Desc 


dd 


00009300h,00040000h,0000ffffh 

shr 

dl ,4 

use only high nibble from (AX) 

DS Desc 


dd 


00009300h,00020000b,OOOOffffh 

shl 

ax,4 

strip high nibble from segment 

SS Desc 


dd 


00009300b,00060000b,OOOOffffh 

add 

ax,si 

add the GDT offset to develop low 

CS Desc 


dd 


00009b00h,OOOOOOOOh,OOOOffffh 

word 



ES Desc 


dd 


00009300b,00030000b,00fffffch 

adc 

dx,0 

adjust high byte if carry from low 

Loadall Struc ENDS 





mov 

idesc name.Base A15 A00,ax ;; low word of address 







mov 

&desc name.Base A23 A16,dl ;; high byte of address 







mov 

Adesc name.Base A31 A24,dh ;; high byte of linear address 

Descriptor STRUC 






pop 

es 


Seg limit 

dw 


? 


Segment limit 

pop 

si 


Base A15 A00 

dw 


? 


A00..A15 of base address 

pop 

dx 


Base A23 A16 

db 


? 


A16..A23 of base address 

pop 

ax 


Access rights 

db 


? 


Segment access rights 

endm 



Limit A19 A16 

db 


7 


Granularity, Op-size, 









Limit A16..A19 




Base A31 A24 

db 


7 


A24..A31 of base address 

FARJMP MACRO 

destination,selector 

dynamic JMP FAR SEG:OFF 

Descriptor ENDS 






db 

Oeah 

; jmp instruction 







dw 

offset destination 

; offset word 







dw 

selector 

; segment selector word 

INT Desc STRUC 






endm 



IGate Offset 

dw 


7 


Offset of handler 




CSEG Sel 

dw 


7 


Code segment selector 





db 


0 



LONGJMP MACRO 

destination,selector 

dynamic JMP FAR SEG:OFF 


db 


86 h 


286 Interrupt gate-16b1t 

db 

Oeah 

; jmp instruction 






CS:IP, FLAGS 

dd 

offset destination 

; offset word 


- DISTRIBUTED C - 

MODULAR DATA ACQUISITION AND CONTROL 

Modular data acquisition and control systems are easily 
assembled using DCC600 Industrial Controllers. This 
powerful building block approach allows a single IBM 
compatible computer to control and monitor thousands of 
remote I/O devices. The resulting distributed system 
effectively links serial peripherals, analog and digital 
control points. 

• 250 control nodes networked using low cost RS485 

• SDLC protocol at 62.5/375 Kbits/second 

• Expandable I/O at each control node 

• Remote programs loadable across network 

• OS/2 and DOS support software 

The DCC600 controllers provide a flexible stand alone 
control capability as well as integrated networking 
support. C applications operating on the IBM compatible 
computer have immediate access to data residing on the 
remote control nodes. 

• Programmed in C with library of control functions 

• Multi-tasking executive and remote task control 

• Symbolic remote C variable access 

• Integrated device drivers and runtime support 

• RS232, RS485 and Centronics printer support 

• OPTO-22 and Analog Devices termination panels 

Complete development support for IBM compatible systems: 

• Network Manager and Utilities for OS/2 and DOS 

• 'Tool-box' of network access routines (w/source) 

• Remote node C compiler with symbolic variable support 

• Microsoft compatible interface libraries 

• Data acquisition/presentation application programs 

To find out more on how the DCC600 will solve your data 
acquisition and control needs contact: 

DIP Industrial Products 
P.O. Box 9550 
MORENO VALLEY, CA 
92303 

Phone: 714-924-1730 
Fax: 713-924-3359 

Designed and built with American pride. 


□ Request 172 on Reader Service Card □ 


TIFF & PCX 

SDK FOR WINDOWS 3.0 


You Can Add TIFF & PCX support for your 
Windows 3.0 Application without learning 
TIFF & PCX file formats: 


TIFF SDK For Windows is a complete set of easy to use tools to 
develop TIFF 5.0 support to your application without ever having to learn the 
complexity of Tag Image File Format. Some of the features are Group 3, Group 
4, LZW, Packbit compression, color images, chained images and device 
independent bitmaps. Comes with a complete set of documentation and a 
sample program to demonstrate how to use TIFF SDK. Only $299.95 


PCX SDK For Windows is a complete set of easy to use 
tools to develop PCX file format for your application without ever 
having to learn the complexity of PCX file format. It comes with a 
complete set of documentation and a sample program with the 
source code to demonstrate how to use PCX SDK. Only $199.95 


IMAGE SDK For Windows is a complete set of functions to 
export, import, convert, rotate, invert, and manipulate bitmap 
images off or on the sreen. It comes with a complete set of 
documentation and a sample program with the source code to 
demonstrate how to use IMAGE SDK. Only $199.95 

CALL for information on NEW Windows Tools. 

TEL: (914) 764-1022 FAX:(914)764-1023 

VISA/M.C./C.O.D/CHECK 

BLACK ICE SOFTWARE INC. 

217 Cedar Hill Lane, Pound Ridge, N.Y. 10576 



□ Request 139 on Reader Service Card □ 
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Listing 2 

dw selector ;; segment selector word 

endm 


I0_DELAY MACRO 

out Oedh.ax 

endm 

LOADALL MACRO 

db 0fh,07h 

ENDM 


PRINT_STRING 

mov 

mov 

int 

ENDM 


MACRO MSG_NAME 
ah,9 

dx,offset MSGNAME 
21h 


DATA SEGMENT PARA PUBLIC 'DATA' 


Equates & local 

variables 


Protected mode 

access rights 


CS access 

equ 

10011011b 

DS_access 

equ 

1001001lb 

Text equates 

CRLF 

equ 

<0dh,0ah> 

CRLFJ 

equ 

<CRLF,'$'> 

INT6 

equ 

[bp-4] 


Loadall table(s) 


Loadall_tbl Loadall_struc o 

Machine State Loadall struc o 


Global Descriptor Table 


GDT386 Descriptor 
CSEG3 Descriptor 
DSEG3 Descriptor 
Gdt3 len equ 


<Gdt3_len-1,,,DS_access> 
<0fff?h,0,0,CS_access> 
<0ffffh,0,20h,DS access> 
$-Gdt 386 


; Interrupt Descriptor Table 

IDT 386 

INT Desc 

Offset 

INT13.CSEG3-GDT 

386> 

INT00 


INT Desc 

Offset 

INT01.CSEG3-GDT 

386> 

INT01 


INT Desc 

Offset 

INT13.CSEG3-GDT 

386> 

INT02 


INT Desc 

Offset 

INT13.CSEG3-GDT 

386> 

INT03 


INT Desc 

Offset 

INT13.CSEG3-GDT 

386> 

INT04 


INT Desc 

Offset 

INT13.CSEG3-GDT 

386> 

INT05 


INT Desc 

Offset 

INT13.CSEG3-GDT 

386> 

INT06 


INT Desc 

Offset 

INT13.CSEG3-GDT 

386> 

INT07 


INT Desc 

Offset 

INT13.CSEG3-GDT 

386> 

INT08 


INT Desc 

Offset 

INT13.CSEG3-GDT 

386> 

INT09 


INT Desc 

Offset 

INT13.CSEG3-GDT 

386> 

INTOa 

INT 

Desc 

Offset INT13.CSEG3-GDT 386> ; INTOb 


INT Desc 

Offset 

INT13.CSEG3-GDT 

386> 

INTOc 


INT Desc 

Offset 

INT13.CSEG3-GDT 

386> 

INTOd 

IDT3_Ler 

equ 

$-IDT_386 




Mi sc. local variables 

Mem buffer 

db 

400h dup (0) 

; Store 2M mem. 

BufTer 

db 

40h dup (0) 


Buffer2 

dw 

lOh dup (0) 


RM IDT3 Ptr 

dw 

(256d*4)-1 

; Real-mode IDT 


dd 

0 

; pointer 


dw 

0 


String Messages 


t 

Passed 

db 

" PASSED.",CRLFJ 

Failed 

db 

"~> FAILED <—",CRLFS 

Not 386 db 

"Not 80386 class computer.",CRLFJ 

Rmvd 

db 

"LOADALL removed from 80386 mask.",CRLFJ 

RFail 

db 

"Registers weren't loaded correctly." 

LF 

db 

CRLFJ 


I'm doing this wierd string definition technique to limit the 
page width to 64 characters. 


— Cont’d 


Test 1 
db 

label 

■Test 

word 

1: Testing 

386 LOADALL instruction: 

-.24 

Test 2 
db 

label 

"Test 

word 

2: Testing 

extended memory in real mode: 

-.24 

Test 3 
db 

label 

■Test 

word 

3: Testing 

Present BIT in descriptor: 

",24 

Test 4 
db 

label 

"Test 

word 

4: Testing 

32-bit protected mode: 

".24 

Test 5 
db 

label 

■Test 

word 

5: Testing 

32-bit real mode: 

" ,24 

Test 6 
db 

label 

"Test 

word 

6: Testing 

Granularity BIT: 

" ,24 

Test 7 
db 

label 

■Test 

word 

7: Testing 

Execution breakpoints: 

" ,24 

Test 8 
db 

label 

■Test 

word 

8: Testing 

byte, write, data breakpoints: 

\24 

_DATA 

ENDS 




TEXT SEGMENT PARA PUBLIC 'CODE' 

ASSUME CS: TEXT, ds: DATA, ES: DATA, SS:STACK 
.386P 



A little CS-relative data for the stack pointer. This is 
to avoid using other kludge techniques, caused by using 
LOADALL, that make using the data segment undesirable. 


Stack_ptr dd 0 

dw 0 


L0ADALL_386 

proc far 


PUSH 

DS 

; Setup the stack to 

X0R 

AX,AX 

; return to DOS 

PUSH 

AX 


MOV 

AX, Data 


MOV 

DS,AX 


MOV 

ES.AX 


; Check CPU type 

Call 

CPU Type 

; 386, 486? 

cmp 

ax,3 

; 386? 

je 

short @F 

; yep 

Print String LF 


Print String Not 386 


retf 


; go split 

enter 

4,0 

; create stack frame 

mov 

word ptr INT6,offset 

INT6 handler 

mov 

INT6+2,cs 


cal 1 

set INT6 vector 

; set our INT6 handler 

cli 



Call 

Save State 



Print_String LF 
Print_String Test_l 

Init_descriptor <seg Gdt_386>,<offset Gdt_386>,Gdt_386 
Init_descriptor cs, 0.CSEG3 


TEST1: 16-bit Real mode 

Test general purpose registers 

Test Segment registers 

Test Descriptor cache base address 

(1) Setup LOADALL structures, and pointers 

(2) Execute LOADALL 

(3) Verify results of the test 


mov 

eax.cs 

; Prepare a 

32-bit 

shl 

eax,4 

; physical 

address that 


is put in the LOADALL 
CS descriptor cache. 


mov 

Loadall_tbl.CS_Desc. 

_Addr,eax 

mov 

eax.crO 

; Initialize CRO in the 


eax,0fffffff0h 

; LOADALL data table 

mov 

Loadall tbl. CRO.eax 

; DR6, DR7, EIP 

mov 

eax,dr6 


mov 

ebx,dr7 
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Listing 2 

—Cont’d 

mov 

Loadall tbl. DR6,eax 




mov 

Loadall tbl. DR7,ebx 



GG: mov ax, Data 

mov 

Loadall tbl. EIP,offset Verify State 


mov ds,ax 

mov 

dword ptr cs:stack ptr.esp ; save SS:ESP 


mov es,ax 

mov 

word ptr cs:stack ptr[4],ss 


lss esp.fword ptr cs:stack ptr 

mov 

edi,offset loadalT tbl 


FARJMP <GF>,<seg Text> 

LOADALL 




GG: Print String failed 

nop 


; If LOADALL is removed 


Print String RFail 

Print String failed 

; from the CPU mask, 


jmp loadall ret 

Print String Rmvd 

; then fall through 





; to here. 




Loadall RET: 





LOADALL passed 

call 

Restore state 





call 

set int6 vector 



Loadall test: 

leave 




Print String passed 

retf 






Verify_State: 

; Verify that LOADALL worked 



TEST2: Access extended memory while in real mode (G 2M). 


This is where 

we land for the first 

test of '386 LOADALL. 



(1) Fill in LOADALL structure with "reasonable" values 


The purpose of this test is to verify that all the general 



(2) Save contents of extended memory 


purpose registers get loaded correctly. Specifically, we are 



(3) Write data pattern in extended memory 


testing to verify that all segment registers contain values 



(4) Set LOADALL registers used by this test 


that don't correspond to the memory addresses they appear to 



(5) LOADALL 


be pointing to. In other words, we 

are checking that the 



(6) Verify results 


that the segment registers have one 

value, while their 



(7) Restore original data in extended memory 


associated hidden descriptor cache 

registers have different 





values. 












In this test, I'll access extended memory while in real mode. 

cmp 

eax.llllllllh 

; Test EAX 



I'll assume the computer has at least 2M of memory. By 

jne 

GF 




assuming 2M, I don't need to enable A20 on the CPU bus, since 

cmp 

ebx,22222222h 

; Test EBX 



memory G 2M doesn't assert A20. 

jne 

GF 





cmp 

ecx,33333333b 

; Test ECX 



Fill LOADALL structure with more reasonable values. 

jne 

GF 





cmp 

edx,44444444h 

; Test EDX 


mov Loadall tbl. EAX,0 

jne 

GF 



mov Loadall tbl. EBX,0 

cmp 

ebp,55555555h 

; Test EBP 


mov Loadall tbl. ECX,0 

jne 

GF 



mov Loadall tbl. EDX,0 

cmp 

edi,66666666h 

; Test EDI 


mov Loadall tbl. EBP,0 

jne 

GF 



mov Loadall tbl. ESP.esp 

cmp 

esl,77777777b 

; Test ESI 


mov Loadall tbl. CS.cs 

jne 

GF 



mov Loadall tbl. DS.ds 

cmp 

esp,88888888h 

; Test ESP 


mov Loadall tbl. ES,es 

jne 

short GF 



mov Loadall tbl. FS,8000h 

mov 

ax.cs 

; Test CS 


mov Loadall tbl. GS,8000h 

cmp 

ax.llllh 



mov Loadall tbl. SS.ss 

jne 

short GF 




mov 

ax,ds 

; Test DS 




cmp 

ax,2222h 




Load segment descriptor cache registers: 

jne 

short GF 




DS*ES * DATA segment 

mov 

ax.es 

; Test ES 



FS-GS - 80000h (8000:0) 

cmp 

ax,3333h 




SS » STACK segment 

jne 

short GF 





mov 

ax,fs 

; Test FS 


mov ax.ds 

cmp ax,4444h 



movzx eax.ax 

jne 

short GF 



shl eax,4 

mov 

ax.gs 

; Test GS 


mov bx.ss 

cmp 

ax,5555h 



movzx ebx.bx 

jne 

short GF 



shl ebx,4 

mov 

ax,ss 

; Test SS 


mov Loadall tbl.DS Desc. addr.eax 

cmp 

ax,6666h 



mov Loadall tbl.ES Desc. addr.eax 

jne 

short GF 



mov Loadall tbl.FS Desc. addr,80000h; 

cmp 

dword ptr ds:[0],02020202b ; Test DS Desc Cache 


mov Loadall tbl.GS Desc. addr,80000h 

jne 

short GF 



mov Loadall tbl.SS Desc. addr.ebx 

cmp 

dword ptr es:[0],03030303h ; Test ES Desc Cache 



jne 

short GF 





cmp 

dword ptr fs:[0],04040404h ; Test FS Desc Cache 



Slip into protected mode to save the contents of memory G 2M, 

jne 

short GF 




and write a test pattern into that memory. 

cmp 

dword ptr gs:[0],05050505h ; Test GS Desc Cache 




jne 

short GF 



Print String Test 2 

cmp 

dword ptr ss:[0],06060606h ; Test SS Desc Cache 


lgdt fword ptr Gdt 386 ; Load the GDT 

jne 

short GF 



mov ebx.crO ; enter protected mode 

mov 

ax, Data 

; Reset segment regs. 


or bl,1 

mov 

ds,ax 



mov crO.ebx 

mov 

es,ax 



FARJMP <GF>,<CSEG3-Gdt 386> 

lss 

esp.fword ptr cs:stack ptr ; Reset SS:ESP 



FARJMP 

<Loadall_test>,<seg 

Iext> ; Continue 


GG: mov dx,DSEG3-Gdt 386 ; Get segment selector 





mov ds.dx ; for DS G 2M 






mov cx,400h / 4 


Loadall failed the REGISTERS test. 



mov si,0 
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Listing 2 — Cont’d 


mov 

di,offset Mem buffer 


rep 

movsd 

; Save memory 

mov 

eax,5aa5aa5ah 

; Test pattern 

mov 

cx,400h / 4 


mov 

di ,0 


mov 

es,dx 

; ES - 2M 

rep 

stosd 

; Store test pattern 

and 

bl,not 1 

; exit protected mdoe 

mov 

crO.ebx 


FARJMP 

<@F>,<_TEXT> 


LOADALL- 

image registers used by this test 


mov 

ax,_data 



mov 

ds,ax 



mov 

es,ax 



mov 

Loadall tbl. EAX,5aa5aa5ah ; 

Test 

pattern 

mov 

Loadal1~tbl.~ECX,400h / 4 ; 

# of 

DWORDS 

mov 

Loadall tbl. ESI,offset Mem buffer 


mov 

Loadall tbl. EDI,Oh ; 

ES:0 


mov 

Loadall_tbl.~EIP,offset 8F ; 

EIP 


mov 

Loadall tbl.ES_Desc._Addr,200000b 


; 2M 

mov 

edi,offset loadall_tbl 



LOADALL 





Check memory for a match of the pattern 



repz 

scasd 

data match? 


mov 

bx,_Data 

ES still points to 2M, 


mov 

ds,bx 

so I can reset DS and 


mov 

cx,400h / 4 

restore the original 


mov 

di ,0 

contents @ 2M without 


rep 

movsd 

changing ES. 


mov 

es,bx 

Set ES to real mode 


lss 

esp.fword ptr cs:stack ptr ; Restore SS:ESP 


FARJMP 

<@F>,<_TEXT> 

; Must jump to R/W CS 


jz 

short @Test2_Pass 



PRINT_ 

STRING failed 



jmp 

short @Test3 


@Test2_ 

Pass: 




PRINT STRING passed 



TEST3: Test that the Present bit gets loaded w/out exception, 
but when a segment is accessed INT13 get generated. 

(1) Load GDT & IDT pointers into LOADALL table 

(2) Set PM bit, CS selector, EIP offset, clear P bit 

(3) LOADALL 

(4) Verify Results 


@Test3: Print_String Test_3 


Initialize 

the GDT & IDT descriptor cache 


mov 

eax,Loadall tbl.DS Desc. Addr 


mov 

ebx.eax 


mov 

Loadall tbl.ES Desc. Addr,eax 


add 

eax,offset Gdt 386 


add 

ebx,offset Idt 386 


mov 

Loadall tbl.GDT Desc. Addr,eax 


mov 

Loadall tbl.GDT Desc. Limit,Gdt3 

len-1 

mov 

Loadall tbl.Idt Desc. Addr,ebx 


mov 

Loadall_tbl.Idt_Desc._Limit,Idt3_ 

len-1 

or 

Loadall tbl. CR0,1 ; 

set PM bit 

mov 

Loadall tbl. ESI,0 


mov 

Loadall tbl. CS,CSEG3-Gdt 386 ; 

CS selector 

mov 

Loadall tbl. EIP,offset 0Test Present 

and 

Loadall tbl.GS Desc. Type,7fh ; 

clear Present 

mov 

edi.offset loadall tbl ; 

bit in GS 

LOADALL 



@Test Present: 


mov 

si,gs:[si][2] 

; choose this because 
; it's a 4-byte instr. 

Lidt 

fword ptr RM_IDT3_Ptr 

; Restore real-mode IDT 

mov 

eax.crO 

; Exit protected mode. 

and 

al.not 1 


mov 

crO.eax 


FARJMP 

<@F>,<_TEXT> 

; Return to R/W, real- 
; mode code segment 

test 

si .1 

; pass test? 

jnz 

short @F 

; yep 

Print_String failed 



jmp short @Test4 
Print String passed 


TEST4: Test 32-bit Protected Mode operation 

(1) Set LOADALL operand size, PM bits, and EIP offset 

(2) LOADALL 

(3) Verify Results 


@Test4: Print_String Test_4 


Perform 32-bit protected mode test 


or Loadall_tbl.CS_Desc._CS32,40h ; CS32 bit 

mov Loadall_tbl._EDI,offset Loadall_tbl 

mov Loadall tbl._EIP,offset PM32 

LOADALL 


This test uses a simple technique to determine if we are in 

32-bit mode or 16-bit mode: 

In 16-bit mode, this code will be executed as: 
mov si,1234h 

nop 
nop 

In 32-bit mode, this code will be executed as: 

mov esi,90901234b ; The two NOP's are absorbed 

; into the 32-bit operand. 


In 16-bit mode, this code will be executed as: 
mov di,1234h 
nop 
nop 

In 32-bit mode, this code will be executed as: 
mov edi,90901234b 


PM32: mov si,1234h 

nop 
nop 


Now, we need to exit 32-bit mode gracefully. In order to do 
that, we need code that will generate predictable results in 
both 32-bit, and 16-bit mode. If we are in 32-bit mode, then 
the following compiled code will behave as documented under 
the '32-bit mode' column. If we failed to enter 32-bit mode, 
then the following compiled code will behave as documented 
under the '16-bit mode' column. In order to exit gracefully, 
we need to know which mode we are in! Hence the following 
code to detect itl: 


16-bit mode 

32-bit mode 


push 

ax 

push 

eax 


mov 

ax, si 

mov 

eax,esi 


shr 

ax,10h 

shr 

eax,10h 

; AX-9090 if in 32-bit 
; AX-0 if in 16-bit 

cmp 

al,90h 

cmp 

al,90h 

; PASS-32-bit, FAIL-16-bit 

pushf 


pushf 


; save results for later 

shl 

ax,10h 

shl 

eax,lOh 

; EAX-90900000 if in 32-bit 

mov 

si ,ax 

mov 

esi,eax 

; ESI-90900000 if in 32-bit 
; ESI-66660000 if in 16-bit 

popf 


popf 


; restore ZF 

pop 

ax 

pop 

eax 



So, the result of this code is to exit 32-bit mode if we got 
there, and to keep going in 16-bit mode if we didn't. 


push 

ax 

; See the above 

mov 

ax,si 

; explanation on how 

shr 

ax,10h 

; this code works 

cmp 

al ,90h 


pushf 

shl 

ax,10h 


mov 

si ,ax 


popf 



pop 

ax 


jne 

short @No PM32bitCS 


or 

si ,1 

; set SI if 32-bit mode 


32-bit JUMP instruction, to transfer control back to a 16-bit 
segment 
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Listing 2 — Cont’d 


LONGJMP 

<@F>,<CSEG3-GDT 386> 

; Construct 32-bit far 



; JMP 

@No PM32bitCS: 


; FAR JUMP if stuck in 

FARJMP 

<@F>,<CS EG3-GDT_386> 

; 16-bit mode. 

Lidt 

fword ptr RM IDT3 Ptr 

; Restore real-mode IDT 

mov 

eax.crO 

; Exit protected mode. 

and 

al,not 1 


mov 

crO,eax 


FARJMP 

<@F>,< TEXT> 

; Jump to real-mode 



; code segment 

mov 

ax, Data 

; Restore real-mode 

mov 

ds,ax 

; segment registers 

mov 

es.ax 


test 

si ,1 

; 32-bit mode passed? 

jnz 

short @F 

; yep 

Print String failed 


jmp 

short @Test5 


Print_String passed 


; TESTS: Test 

32-bit real-mode operation 

; (1) Clear operand size, PM bits, and 

set EIP offset 

; (2) LOADALL 



; (3) Verify Results 


; (4) Get the h&*@l out of 32-bit real- 

mode 

; Test 32-bit real-mode operation. Make 

sure we can put the 

; processor in 

an illegal state: 32-bit 

real-mode. 

@Test5: Print String Test 5 


and 

Loadall tbl. CRO.not 1 

; disable PM bit 

and 

Loadall tbl.CS Desc. Type,not 8 ; make CS R/W 



; Data segment 

mov 

Loadall tbl. EIP,offset 

RM32 ; Load EIP 

LOADALL 



; This test uses the exact same technique documented in TEST4. 

; See TEST4 for an explanation of these 

next two code sections. 

RM32: mov 

si,1234h 


nop 



nop 



See TEST4 for 

an explanation of this code section. 

push 

ax 

; See the above 

mov 

ax,si 

; explanation on how 

shr 

ax,10h 

; this code works 

cmp 

al,90h 


pushf 



shl 

ax,10h 


mov 

si ,ax 


popf 



pop 

ax 



Now getting out of 32-bit real mode is a bit more complicated 
than you may think. According to Intel, the internal 
descriptor cache registers get re-loaded with default values 
each time the segment is loaded. But the operand size bit in 
the CS descriptor cache doesn't get cleared in a long jump. 

So, to program around this, I need to either execute LOADALL 
again, or go to protected mode, jump to a 16-bit code segment, 
then go back to real mode. I think I will do the latter. 


jne 

short @RM32 Fail 

; Do something else 

mov 

eax.crO 

; Enter protected mode 

or 

al ,1 


mov 

crO.eax 


LONGJMP 

<@F>,<CSEG3-GDT_386> 

; To 16-bit CS 

Lidt 

fword ptr RM IDT3 Ptr 

; Reload real-mode IDT 

and 

al,not 1 

; Exit protected mode 

mov 

crO.eax 



FARJMP <@RM32_Pass>,<seg _text>; Back to real-mode CS 
@RM32_Fail: 

Print_String failed 

jmp short @Test6 

@RM32_Pass: 

mov ax,_Data 

mov ds,ax 

mov es,ax 

Print_String passed 


TEST6: Test Granularity bit. Test that the granularity bit 
in the descriptor cache has no effect on the limit 
field of the descriptor cache. This is a three-part 
test. First, by setting G«1 in a segment descriptor 
cache whose limit-64k should cause an exception. 
Second, ES_LIMIT*16M-4. This LIMIT can't ever be 
generated under program control. So we simply need 
to access memory @ 16M-8 to verify this test. If 
an exception gets generated, then the test failed. 
Third, try to access memory @ 16M-4. If an exception 
ISN'T generated, then the test failed. 

(1) Set Present, Granularity bits, and EIP offset 

(2) LOADALL 

(3) Verify results 


Test Granularity bit: Test that G*1 has no effect in the 
descriptor cache register. In the GS descriptor cache, I set 
the 1imit*64k. If G*1 has any effect on this field, then the 
following memory access will pass. We want it to fail, and 
generate an exception-13. 


§Test6: Print_String Test_6 



or 

Loadall_tbl._CR0,1 

; set PM bit 


or 

Loadall_tbl.GS Desc 

. Type,80h ; set P»1 


or 

Loadall_tbl.GS Desc 

. CS32,80h ; set G-l 


and 

Loadall tbl.CS Desc 

. CS32,0bfh ; clear CS32 bit 


mov 

Loadall tbl. EIP,offset @Test Gran 


LOADALL 



GTest Gran: 




mov 

esi.lOOOOh 

; should generate exc. 


mov 

si,gs:[esi] 



shl 

si .1 

; save results 


mov 

esi,0fffff8h 

; 16M-8 


mov 

si,es:[esi] 

; shouldn't generate exc 


shl 

si ,1 



mov 

esi.Offfffch 

; 16M-4 


mov 

si,es:[esi] 

; should generate exc. 


add 

esi ,4 



Lidt 

fword ptr RM IDT3 Ptr ; Restore real-mode IDT 


mov 

eax.crO 



and 

al.not 1 



mov 

crO.eax 



FARJMP 

<@F>,<_TEXT> 



and 

si, 7 



cmp 

si.5 

; pass test? 


jnz 

short @F 

; yep 


Print String failed 



jmp 

short @Test7 



Print_String passed 



The following two expamples show how to use the debug 
registers to generate execution and data break points. They 
are included in this program because they use LOADALL to set 
DR7. Forgive the fact that they are poorly documented. 


TEST7: Test execution breakpoints through debug registers. 

(1) Clear granularity bit, set ES_LIMIT«64k, set EIP offset 

(2) Set breakpoint qualifiers 

(3) LOADALL 

(4) Generate execution breakpoints 


; Reload real-mode 
; segment registers 
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Listing 2 — Cont’d 


(5) Verify results 


@Test7: Print_String Test_7 

and Loadall_tbl.GS_Desc._CS32,7fh ; set G-0 

mov Loadall_tbl.ES_Desc._Limit,Offffh; limit*64k 

mov Loadal1 tbl. eTp, offset Test DRO 


Set a series of execution break points in the debug registers. 

mov 

bx.cs 

movzx 

ebx.bx 

shl 

ebx,4 

lea 

eax,[ebx][dword ptr Test_DrO] 

mov 

drO.eax 

lea 

eax,[ebx][dword ptr Test DR1] 

mov 

drl.eax 

lea 

eax,[ebx][dword ptr Test DR2] 

mov 

dr2,eax 

lea 

eax,[ebx][dword ptr Test_DR3] 


mov dr3,eax 

mov Loadal 1 tbl. DR7,0aah ; enable all code 


; breakpoints 

LOADALL 

Test_DR0: 

nop 

Test_DRl: 

nop 

Test_DR2: 

nop 

Test_DR3: 

nop 

Lidt 
mov 
and 
mov 
FARJMP 

and si,0fh 

cmp sl.Ofh 

je short @F 

Print_String failed 

jmp @Test8 

Print String passed 


TEST8: Test byte-size data write breakpoints 

(1) Set EIP offset 

(2) Set breakpoint qualifiers 

(3) LOADALL 

(4) Generate data breakpoints 

(5) Verify results 


@Test8: Print_String Test_8 


mov 

Loadall_tbl 

. EAX,55h 

mov 

Loadall_tbl 

._ECX,40h 

mov 

Loadall_tbl 

. EDI,offset Buffer 

mov 

Loadal1 tbl 

._EIP,offset @Test_DRBW 

mov 

bx,ds 


movzx 

ebx.bx 


shl 

ebx,4 


lea 

eax,[ebx][Dword ptr Buffer][3] 

mov 

drO.eax 


add 

eax.lOh 


mov 

drl.eax 


add 

eax,10h 


mov 

dr2,eax 


add 

eax,10h 


mov 

dr3,eax 


mov 

Loadal1 Tbl 

._DR7,111102aah 

LOADALL 




@Test_DRBW: 

rep stosb 

Lidt fword ptr RM_IDT3_Ptr 

mov ebx.crO 

and bl.not 1 

mov crO.ebx 

FARJMP <@F>,<seg _text> 


@T7P: cmp 

dx,4 

; INT01 4 times? 

jne 

@B 


Print_String passed 


@Test9: 



jmp 

Loadal l_ret 


LOADALL_386 

endp 


; Minimal exception 13 handler that points past a 4-byte opcode, 

; and sets the 

lowest bit in DI before returning. 

INT13 

label word 


push 

bp 


mov 

bp.sp 


add 

word ptr [bp] [4], 4 


or 

si ,1 


pop 

bp 


add 

sp,2 


iret 



INT01: 

; Inti trap routine 


; Interprets breakpoint type, and sets 

a flag 

inc 

dx 


push 

bp 


mov 

bp.sp 


mov 

buffer2[bx],cx 


add 

bx,2 


push 

eax 


push 

ebx 


push 

ecx 


mov 

eax,dr6 


mov 

ecx,eax 


mov 

ebx,dr7 


shr 

ebx.lOh 

; get length encodings 

test 

ah,20h 

; debug register access attempt? 

jnz 

@DR Attempt 

; yep 

shr 

al,T 

; DRO? 

jc 

0DRO 


shr 

al.l 

; DR1? 

jc @DR1 


shr 

al ,1 

; DR2? 

jc 

0DR2 


8DR3: or 

si ,8 


and 

cl,not 8 


test 

bh,30h 

; code, or data? 

jz 

@Fault 


jmp 

short @Trap 


@DR2: or 

si, 4 


and 

cl,not 4 


test 

bh,03h 

; code, or data? 

jz 

@Fault 


jmp 

short @Trap 


@DR1: or 

si,2 


and 

cl,not 2 


test 

bl,30h 

; code, or data? 

jz 

@Fault 


jmp 

short @Trap 


@DR0: or 

si ,1 


and 

cl.not 1 


test 

bl,03h 

; code, or data? 

jz 

@Fault 


jmp 

short @Trap 


@Fault: add 

word ptr [bp][2],1 


mov 

dr6,ecx 


@Trap: pop 

ecx 


pop 

ebx 


pop 

eax 


pop 

bp 


iret 



@Dr Attempt: 



push 

bp 


add 

word ptr [bp] [2],3 


pop 

bp 


iret 




fword ptr RM_IDT3_Ptr ; Restore real-mode IDT 
eax.crO ; exit protected mode 

al.not 1 
crO.eax 

<@F>,<seg _text> 


; pass all breakpoints? 
; yep 


and si.Ofh 

cmp si.Ofh 

je short §T7P 

Print_String failed 
jmp @Test9 


; pass all breakpoints? 

; yep 


Save state proc near ; Save the machine state before LOADALL 


push eax 
push ds 
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Listing 2 —Cont’d 


mov 

mov 

mov 

mov 

mov 

movsd 

mov 

sub 

sub 

mov 

add 

mov 

movsd 

mov 


di,offset Machine_State.GS_Desc 
ax,5000h ; GS descriptor 

ds.ax 

ebx,05050505b 


sub 


ax 


sub 

mov 

add 

mov 

movsd 

mov 

add 

add 

mov 

add 

mov 

movsd 

mov 

sub 

sub 

mov 

add 

mov 

movsd 

mov 

pop 

mov 

mov 

pushfd 

pop 

mov 

pop 

mov 

mov 

mov 

mov 

mov 

mov 

mov 


dword ptr [si-4],ebx 

ax,1000h 
ebx,01010101h 
si ,0 
di ,8 
ds.ax 

dword ptr [si-4],ebx 
,2000b 

ebx.02020202b 
si .0 
di .8 
ds.ax 

dword ptr [si-4],ebx 
ax,4000h 
ebx.04040404b 
si .0 
di .8 
ds.ax 

dword ptr [si-4],ebx 
ax,3000b 
ebx.03030303b 
si ,0 
di,14h 
ds.ax 

dword ptr [si-4],ebx 
ds 

eax.crO 

Machine_State._CR0,eax 
eax 

Machine_$tate._Ef1ags,eax 
eax 


FS descriptor 


DS descriptor 


SS descriptor 


ES descriptor 


Machi ne_ 
Machi ne_ 
Machi ne_ 
Machi ne_ 
Machi ne_ 
Machi ne_ 
Machine 


State. 

State. 

State. 

State. 

State. 

State. 

State. 


EDI.edi 
ESI,esi 
EBP.ebp 
'EBX, ebx 
EDX,edx 
ECX,ecx 
‘EAX, eax 


Restore_state proc near 
Restore the machine state after LOADALL 


add 


mov 

mov 

mov 

mov 

mov 

mov 

movsd 

sub 

si ,8 
mov 
mov 
movsd 
sub 
add 
mov 
mov 
movsd 
add 
add 
mov 
mov 
movsd 
sub 
add 
mov 
mov 
movsd 
mov 
mov 
mov 
mov 
mov 
mov 
mov 
mov 
mov 
push 
popfd 
mov 
mov 
mov 
mov 
mov 
mov 
mov 
mov 
mov 


ax,_data 

ds.ax 

ax,5000h 

es.ax 

si,offset Machine_ 
di ,0 

ax.lOOOh 

t 

di ,0 
es.ax 

ax,2000h 
si ,8 
di ,0 
es.ax 

ax,4000h 
si,8 
di ,0 
es.ax 

ax,3000h 
si,14h 
di ,0 
es.ax 

eax,Machine_State. 
es.ax 

eax,Machine_State. 
ds.ax 

eax,Machine_State. 
fs.ax 

eax,Machine_State. 
gs.ax 

eax,Machine_State. 
eax 


; GS 

State.GS_Desc 

; fs 

; DS 

; SS 


I ES 


ES 

DS 

FS 

GS 

Eflags 


eax,Machine_ 
crO.eax 
eax,Machine_ 
ecx,Machine_ 
edx,Machine_ 
ebx,Machine_ 
ebp,Machine_ 
esi .Machi ne_ 
edi.Machine 


State. CRO 


State. 

State. 

State. 

State. 

State. 

State. 

State. 


EAX 

'ECX 

'edx 

'ebx 

'EBP 

'ESI 

'EDI 


mov 

ax.gs 

ret 

“ ~ 

movzx 

eax,ax 

Restore State 

endp 

mov 

Machine State. GS.eax 

“ 

mov 

ax.fs 



mov 

Machine State. FS.eax 



mov 

ax.ds 

: Include the CPU TYPE procedure & LOADALL test 

mov 

Machine State. DS.eax 



mov 

ax.es 

Include 

CPU TYPE.ASM 

mov 

Machine State. ES.eax 



ret 


text ends 


state 

endp 





stack 

segment para stack 'stack' 



db 

400h dup (0) 



stack 

ends 



end 

L0ADALL_386 



; End of File 
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Listing 3 


Page 60,132 


EMULOAD.ASM Copyright (c) 1991 Robert Collins 

This utility uses '386 LOADALL to emulate '286 LOADALL. 
All 16-bit registers are zero-extended to 32-bit 
registers. All 24-bit physical addresses are zero- 
extended to 32-bit registers. '386-speclflc registers 
not used In '286 LOADALL are either set to the current 
values (Debug registers), or zeroed (segment registers) 


This program assumes that you have run the '386 LOADALL 
test prior to Installing this TSR. Obviously If LOADALL 
has been removed from the '386 mask, then this program 
will never work. Likewise, it Is easier for me to 
document the need to run the LOADALL test program, than 
to incorporate it into this code. 


EMULOAD returns ERROR codes to DOS that can be 
intecepted by the batch file command 'IF ERRORLEVEL'. 
The following ERRORLEVEL codes are generated by this 
program: 

0 ■ EMULOAD driver now Installed In memory 

1 - Attempted removal of the EMULOAD driver from 

memory failed because EMULOAD was not In already 
in memory. 

2 ■ The EMULOAD driver was already in memory when an 

attempt was made to install it again. 

3 - Bogus command line argument(s). 

4 - Help requested. 

5 - The EMULOAD driver was sucessfully removed from 

memory. 

6 * Can't Install the EMULOAD driver because this 

computer Isn't an 80386. 


Compilation Instructions: 

MASM EMULOAD; (MASM 5.1) 

LINK EMULOAD; 

EXE2BIN EMULOAD EMULOAD.COM 
DEL EMULOAD.EXE 

The resultant EMULOAD.COM file Is 1473 bytes, while the 
TSR portion is 1072 bytes. 


Compiler directives 


Title EMULOAD 

.radix 16 

.8086 


Interrupt vector segment 


ABSO segment at 0 
org 6*4 

INT_6 dd ? 

org 800h 

Loadal1_286 dd ? 

ABSO ends 


Structure definitions 


Desc cache2 

STRUC 


; 80286 Descriptor cache 

A15 A00 

dw 

7 

; register layout. 

A23 A16 

db 

7 


Type2 

db 

7 


Limit2 

dw 

7 


Desc cache2 

ENDS 




Desc cache3 

STRUC 


; 80386 Descriptor cache 

_Access 

db 

0 

; register layout 

Type 

db 

7 


_CS32 

db 

0 



db 

0 


_Addr 

dd 

7 


_Limit 
Desc cache3 

dd 

ENDS 

7 



Loadal1 struc2 STRUC 

; 80286 LOADALL table 

dw 

3 dup (?) ; RESERVED 



_286Msw 

dw 

7 



MSW 




dw 

7 

dup 

(?) 

RESERVED 



_286Tr 

dw 

7 



TR 



Flags 

dw 

7 



FLAGS 



286 Ip 

dw 

7 



IP 



~286Ldt 

dw 

7 



LDT 



~286Ds 

dw 

7 



DS 



286Ss 

dw 

7 



SS 



286Cs 

dw 

7 



CS 



~286Es 

dw 

7 



ES 



~286Di 

dw 

7 



DI 



“286S1 

dw 

7 



SI 



286Bp 

dw 

7 



BP 



~286Sp 

dw 

7 



SP 



286Bx 

dw 

7 



BX 



286Dx 

dw 

7 



DX 



~286Cx 

dw 

7 



CX 



"286Ax 

dw 

7 



AX 



ES Desc286 

dw 

3 

dup 

(?) 

ES Desc. 

Cache 


CS~Desc286 

dw 

3 

dup 

(?) 

CS Desc. 

Cache 


SS~Desc286 

dw 

3 

dup 

(?) 

SS Desc. 

Cache 


DS~Desc286 

dw 

3 

dup 

(?) 

DS Desc. 

Cache 


Gdt Desc286 

dw 

3 

dup 

(?) 

GDTR 



Ldt Desc286 

dw 

3 

dup 

(?) 

LDTR 



Idt_Desc286 

dw 

3 

dup 

(?) 

IDTR 


TSS 

Desc286 dw 


3 dup 

(?) 


TSSR 


Loadal1 

"Struc2 ENDS 







Loadal1 

struc3 STRUC 








"_CrO 

dd 

7 



EAX 



Eflags 

dd 

7 



EFLAGS 



"Eip 

dd 

7 



EIP 



Edi 

dd 

7 



EDI 



_Esi 

dd 

7 



ESI 



_Ebp 

dd 

7 



EBP 



"Esp 

dd 

7 



ESP 



Ebx 

dd 

7 



EBX 



~Edx 

dd 

7 



EDX 



~Ecx 

dd 

7 



ECX 



"Eax 

dd 

7 



EAX 



Dr6 

dd 

7 



DR6 



Dr7 

dd 

7 



DR7 



~Tr 

dd 

7 



TR 



Ldt 

dd 

7 



LDT 



"Gs 

dd 

7 



GS 



"Fs 

dd 

7 



FS 



~Ds 

dd 

7 



DS 



“Ss 

dd 

7 



SS 



"Cs 

dd 

7 



CS 



Es 

dd 

7 



ES 



TSS Desc 

dd 

3 

dup 

(?) 

TSSR 



IDT_Desc 

dd 

3 

dup 

(?) 

IDTR 



Gdt_Desc 

dd 

3 

dup 

(?) 

GDTR 



Ldt Desc 

dd 

3 

dup 

(?) 

LDTR 



GS Desc 

dd 

3 

dup 

(?) 

GS Desc. 

Cache 


FS Desc 

dd 

3 

dup 

(?) 

FS Desc. 

Cache 


DS Desc 

dd 

3 

dup 

(?) 

DS Desc. 

Cache 


SS~Desc 

dd 

3 

dup 

(?) 

SS Desc. 

Cache 


CS~Desc 

dd 

3 

dup 

(?) 

CS Desc. 

Cache 


ES_Desc 

dd 

3 

dup 

(?) 

ES Desc. 

Cache 



dd 

Oah dup (7) 

RESERVED 


Loadal1 

_Struc3 ENDS 







INT_VEC 

STRUC 








int_offset 

dw 

7 






int segment 

dw 

7 





INT_VEC 

ENDS 








Equate definitions 


L0ADALL286 

equ 

050fh 

CRLF 

equ 

<0dh,0ah> 

CRLFS 

equ 

<0dh,0ah,'$'> 

INT6 

equ 

[bp-4] 


Macro definitions 


LOADALL_386 MACRO 

“db 0fh,07h 

ENDM 


PRINT_STRING MACRO MSG_NAME 
mov ah,9 

mov dx,offset MSG NAME 

int 21h 

ENDM 
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Listing 3 

_TEXT SEGMENT PARA PUBLIC 'CODE' 

Assume CS: TEXT, DS: TEXT, ES: TEXT, SS:_TEXT 

Org lOOh 

.386p 

Emulate 286 Loadall Proc Far 


jmp EMULOAD ; goto beginning instruction 


Align 4 

; Local Data 

Loadall_tbl 

Loadall_Struc3 o 

emuload_msg 

db “80286 LOADALL EMULATOR utility.\CRLF 
db “Version 1.0 Only for 80386 computers." 
db CRLF 

db “Copyright (c) 1991 Robert Collins." 
db CRLF$ 

emu msg_len 

equ $-emuload_msg 

align 4 


; TSR Code begins here as an INT06 replacement. 

Int06: push 

bp 

mov 

bp,sp 

push 

si 

push 

ds 

Ids 

si,[bp][2] ; get CS:IP of bogus 


; opcode 

cmp 

word ptr [si].L0ADALL286; was it LOADALL? 

jne 

@Not LOADALL ; nope 

mov 

di ,0 

mov 

ds.di 

mov 

di ,cs 

mov 

es.di 

mov 

edi,offset Loadall_tbl 

Assume DS:ABS0 

ES:_TEXT, SS:NOTHING 

; Convert 80286 registers to 80386 counterparts. The sequencing 

; order follows 

the 80386 LOADALL table. 

; While mapping MSW to CR0, bit5 in CR0 is documented as 
; RESERVED on the '386 DX, and '1' on the '386 SX. Bit6 is 
; defined as 'NE' (Numeric Exception) on the '486. If we wanted 
; this code to work on the '486, then we should mask the lower 
; nibble of MSW with CR0. But the '486 doesn't have LOADALL, 

; so this isn't 

necesary. Next consider the Reserved bit5 on 

; the '386 DX. 

Since LOADALL completely redefines the CPU 

; state, it is 

safe to clear this reserved bit instead of 

; masking it with MSW. 


mov 

eax.crO 

; MSW 

—> CR0 

mov 

ax,Loadall 286. 286Msw 



mov 

Loadall_tbl._CR0,eax 



movzx 

eax,Loadall 286. Flags 

; FLAGS 

~> EFLAGS 

mov 

Loadall tblT EFLAGS.eax 




Hereafter MOVZX isn't needed because the upper 16-bits are 
guaranteed to be 0. 


mov 

ax,Loadal1_286._286IP 

; ip 

—> EIP 

mov 

Loadall tbT. ElP.eax 



mov 

ax,Loadal1286.286DI 

i DI 

—> EDI 

mov 

Loadall tbT. EDl.eax 



mov 

ax,Loadal1_286._286SI 

; si 

~> ESI 

mov 

Loadall tbT. ESI,eax 



mov 

ax,Loadal1_286._286BP 

; BP 

—> EBP 

mov 

Loadall tbl. EBP,eax 



mov 

ax,Loadall 286.286SP 

; sp 

--> ESP 

mov 

Loadall tbT. ESP,eax 



mov 

ax,Loadal1_286._286BX 

; BX 

— > EBX 

mov 

Loadall tbl. EBX,eax 



mov 

ax,Loadal1_286._286DX 

; DX 

— > EDX 

mov 

Loadall tbl. EDX.eax 



mov 

ax,Loadal1_286._286CX 

; CX 

—> ECX 

mov 

Loadal l_tbT._ECX,eax 



mov 

ax,Loadal1_286._286AX 

; AX 

—> EAX 

mov 

Loadall tbl. EAX,eax 




DR6 & DR7 aren't in the '286, so let's use the current values. 
By keeping the current values, guarantees that any ICE 
breakpoints, or debug register breakpoints are preserved. 

(ICE breakpoints use (at least) the upper two of the 
'RESERVED' bits in DR7. 


mov 

eax,dr6 

; Keep DR6 

mov 

Loadall tbl. DR6,eax 


mov 

eax,dr7 

; Keep DR7 


Cont’d 


mov 

Loadall_tbl._DR7,eax 



movzx 

eax,Loadall_286._286TR 

; tr 

—> TR 

mov 

Loadall tbl. TR.eax 



mov 

ax,Loadal1_286._286LDT 

; LDT 

—> LDT 

mov 

Loadall_tbl. LDT.eax 




FS & GS aren't in the '286, so let's zero them out. 


xor 

ax,ax 





mov 

Loadall_tb1. GS.eax 

t 

Clear GS 


mov 

Loadall_tbl._FS,eax 

• 

Clear 

FS 


mov 

ax,Loadal1_286._286DS 

• 

DS 

— > 

DS 

mov 

Loadall tbl. DS.eax 





mov 

ax,Loadal1_286._286SS 

t 

SS 

— > 

SS 


Loadall tbl. SS.eax 





mov 

ax,Loadal1_286._286CS 

• 

CS 

--> 

CS 

mov 

Loadall tbl. CS,eax 





mov 

ax,Loadal1_286._286ES 

• 

ES 

--> 

ES 

mov 

Loadall tbT. ES.eax 






Convert '286 descriptor cache register entries to '386 
format. 


mov 

esi.offset 

Loadall 

286.TSS 

Desc286 

mov 

edi.offset 

Loadall 

tbl.TSS 

Desc 

call 

CVT Desc 




mov 

esi.offset 

Loadall 

286.IDT 

Desc286 

mov 

edi.offset 

Loadall 

tbl.IDT 

Desc 

cal 1 

CVT Desc 




mov 

esi.offset 

Loadall 

286.GDT 

Desc286 

mov 

edi.offset 

Loadall 

tbl.GDT Desc 

call 

CVT Desc 




mov 

esi.offset 

Loadall 

286.LDT 

Desc286 

mov 

edi.offset 

Loadall 

tbl.LDT 

Desc 

call 

CVT_Desc 




Fill in FS 

& GS descriptor cache entires 

with 0. 


mov Loadall_tbl.GS_Desc._Type,93h 

mov Loadall tbl.GS Desc. Addr,0 


'ESJAMIS 

imams 


Required Reading for 
386and486 Programmers: 

Computer Organization and 
Assembly Language Programming 

For IBM PCs and Compatibles, 

Second Edition by Michael Thorne 
0-8053-6879-5. Softcover. 698 pages. 1991 

• Covers the 80286, 80386, and 80486 
microprocessors in detail. 

• Provides extensive practical tips for 
programming, debugging, and 
interfacing to peripherals. 

• Emphasizes the relationship between 
microprocessor architectures and the 
implementation of high-level languages. 

For more information visit your local 
bookstore or call: 

800/950-2665 (Information) 
800/447-2226 (Orders) 


THE BENIAMIN/CUMMINGS 
;H;I PUBLISHING COMPANY. INC. 
390 Bridge Parkway 
Redwood City, CA 94065 


□ Request 152 on Reader Service Card □ 
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Listing 3 —Cont’d 


mov Loadall_tbl.GS_Desc._Limit,Offffh 

mov Loadall_tbl.FS_Desc._Type,93h 

mov Loadal1_tbl.FS_Desc._Addr,0 

mov Loadall tbl.FSDesc. Limit,Offffh 


Convert '286 descriptor cache register entries to '386 
format. 


mov 

esi.offset 

Loadall 286.DS Desc286 

mov 

edi.offset 

Loadall tbl.DS Desc 

cal 1 

CVT Desc 


mov 

esi.offset 

Loadall 286.SS Desc286 

mov 

edi.offset 

Loadall tbl.SS Desc 

call 

CVT Desc 


mov 

esi.offset 

Loadall 286.CS Desc286 

mov 

edi.offset 

Loadall tbl.CS Desc 

call 

CVT Desc 


mov 

esi.offset 

Loadall 286.ES Desc286 

mov 

edi.offset 

Loadall tbl.ES Desc 

cal 1 

CVT Desc 


mov 

edi.offset 

Loadall tbl 

LOADALL 

386 


HLT 


; This instruction never 
; gets executed 

@Not LOADALL: 

pop 

ds 


pop 

si 


pop 

bp 


Orig int06: 

jmp far ptr INT_6 



Emulate 286 Loadall endp 


I 

CVT_Desc proc near ; Convert '286 descriptor table 
; ; cache register format to '386 
; ; format. 


Input: DS:ESI * Pointer to '286 descriptor cache entry 

DS:EDI - Pointer to '386 descriptor cache entry 
Output: None 

Register(s) modified: EAX, EBX, ECX 


mov 

eax,[esi] 

; get 24-bit base & 



; access rights 

mov 

ebx.eax 

; make a copy 

movzx 

ecx,[esi]. Limit2 

; get 16-bit limit 

rol 

eax,8 

; put access in AL 

and 

ebx.OOffffffh 

; make 24-bit address 

mov 

ES:Cedi]. Type.al 

; store Access 

mov 

ES:[edi]. Addr.ebx 

; store Address 

mov 

ES:[edi]. Limit,ecx 

; store Limit 

ret 



CVT_Desc 

endp 


TSR_End label 

word 


; End of TSR program 


Local DATA used for initialization code only. 


bogus msgl 

db 

"Unrecognized command line argument." 


db 

CRLF$ 

bogus msg2 

db 

"Not 80386 computer.",7,CRLFS 

driver_msgl 

db 

"Resident driver installed." 


db 

CRLF$ 

driver_msg2 

db 

"Resident driver already installed." 


db 

7.CRLFS 

driver msg3 

db 

"Resident driver removed from memory." 


db 

CRLF$ 

driver_msg4 

db 

"Resident driver was not already " 


db 

"installed",7,CRLF$ 

helpjnsg 

db 

CRLF 


db 

"Syntax: EMULOAD",CRLF 


db 

" EMULOAD -R (to remove from " 


db 

"memory)",CRLF$ 


ASSUME DS:_TEXT 

• 

EMULOAD proc 

near 

; Beginning of initialization 

» 


; code as the NON-TSR part of 

» 


; the program. 

cld 


; clear direction flag 


Print_String emuload_msg ; Print initialization 

; message. 


Check CPU type 


call 

CPU TYPE ; Get CPU type 


and 

al,0fh ; mask out CPU sub-type 


cmp 

al ,3 ; 80386? 



jz 

short @F ; yes 



Print String Bogus msg2 

Not 80386 computer 


mov 

ax,4c06h 

set function to DOS 


int 

21h 

exit to DOS 

Check 

command 

line argument 


@8: 

xor 

ax, ax 

clear AX 


mov 

si,80h 

get start of PSP 


lodsb 


get command line len. 


or 

ax, ax 

Any command line args? 


jz 

short Installed? 

nope 


mov 

cx.ax 

put into counter 


mov 

di, si 



mov 

aV ' 

skip past superfluous 


repz 

scasb 

blank characters 


cmp 

byte ptr [di],0dh 

are we at the end? 


jz 

short Installed? 

yep 


cmp 

byte ptr [di-1],'-' 

check if it's a switch 


jnz 

short @F 

if not, then error 


mov 

si.di 

get pointer 


lodsb 


get cmd line switch 


cmp 

al.'r' 

remove driver? 


jz 

short remove driver 

yep 


cmp 

al.'R' 

remove driver? 


jz 

short remove driver 

go remove driver 


cmp 

al,'?' 

help? 


jnz 

short @F 

nope 


Print String help msg 

Print help message 


mov 

ax,4c04h 

set return code 


int 

21h 

exit to DOS 

Bogus command 

line argument 



Print String bogus msgl 

Invalid command line 


mov 

ax,4c03h 

set function code 


int 

21h 

exit to DOS 

Remove driver 

from memory 


remove 

driver: 




call 

check installed 

Driver installed? 


jnz 

short @F 

driver not installed 


mov 

bp.sp 

create stack frame 


push 

ds 

save (DS) 


mov 

dx.ABSO 

get bottom of memory 


mov 

ds.dx 

make segment register 


ASSUME DS:ABS0, ES: TEXT 


Restore original INT6 vector 


We can restore the original INT6 by getting the vector from 
our current memory resident driver — not the DS from the 
code now executing. The original DS is the same as the code 
segment for our EMULOAD driver. Hence we only need to get 
the original segment value from the memory resident image. 
And we get this by looking at the segment for INT61 


mov 

mov 

mov 

mov 

mov 

es,int_6.int_segment 
ax,es:orig int06[l].int 
bx,es:orig_int06[l].int 
int_6.int_offset,ax 
int 6.int segment,bx 

; Original DS 
offset ; Original INT6 
segment ; " " 

; Restore orig. 

; INT6 

Free memory pointed to by ES 


mov 

ah,49h 

; DOS FREE MEM function 

int 

21h 

; free allocated memory 

mov 

ds,[bp-2] 

; get original (DS) 


ASSUME DS: TEXT 


Now split with TSR removed from memory. 


Print_String driver_msg3 ; Driver removed 
mov ax,4c05h ; set function to DOS 

int 21h ; exit to DOS 


If EMULOAD was not in memory, then come here and split with 
the error code. 
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Listing 3 — Cont’d 


Print_String driver_msg4 
mov ax,4c01h 

int 21h 


; Driver not installed 
; set function to DOS 
; exit to DOS 


Check for driver already installed 


[nstalled?: 

call 

jnz 

check_instal led ; 

short @F ; 

check if driver is 
already installed? 

Driver already installed 

Print String driver msg2 ; 

Driver already inst. 

mov 

ax,4c02h ; 

set function to DOS 

int 

21h ; 

exit to DOS 

Driver not yet installed 

@@: Print_ 

String driverjnsgl ; 

Driver now installed 

Install driver into memory 

xor 

dx.dx ; 

Point to INT. vectors 

mov 

ds,dx ; 

complete the move 

ASSUME ds:ABS0 


; Chain to INT6 by replacing and saving the original INT6 

; vector. 



mov 

ax,int 6.int offset 

; Orig. offset 

mov 

bx.int 6.int segment 

; Orig. segment 

mov 

orig int06[l].int offset, 

ax ; save old INT6 

mov 

orig_int06[l].int_segment,bx ; vector. 


Now replace the original INT6 vector. 



mov 

dx,offset cs:int06 

Get new INT6 vector 


mov 

int 6.int offset,dx 

as CS:INT6 


mov 

int_6.int_segment,cs 


ASSUME 

DS:_TEXT 


; Terminate and Stay Resident 


mov 

dx.cs 

make DS-CS 


mov 

ds.dx 



mov 

es,ds:[2ch] 

get DOS env. segment 


mov 

ah,49h 

release memory func. 


int 

21h 

release memory 


mov 

dx,offset tsr end 

get ending address 


shr 

dx,4 

divide by 16 


adc 

dx,l 

check for remainder; 




add 1 


mov 

ax,3100h 

set return code to DOS 


int 

21h 


EMULOAD 


endp 


ASSUME 

ES:ABS0 




Check to see if the EMULOAD driver is installed in memory. 

It is possible to check if a TSR program is already installed 
in memory by looking for a semaphore in the memory image. 
Luckily we can locate the memory image of our TSR by looking 
at the current INT6 vector. The INT6 code segment is the 
segment of the TSRI So this routine looks in this segment 
for the inital banner message: 

80286 LOADALL EMULATOR utility. 

Version 1.0 Only for 80386 computers. 

Copyright (c) 1991 Robert Collins. 

If this message is found, then the TSR is in memory. If 
another TSR has chained to the same INT6 vector, this 
technique will fail to find EMULOAD, as it very well should! 


Check_installed proc near 


Input: None 

Output: NZ if NOT installed 

ZF if ALREADY installed 
Register(s) modified: CX, SI, DI 


push 

es 

; save (ES) 

mov 

cx.ABSO 

; get bios data segment 

mov 

es,cx 

; put in (ES) 

mov 

cx,emu msg len 

; # of bytes to compare 

mov 

si,offset emuload msg 

; get address of message 

les 

di,ES:INT_6 

; get INT6 vector 

sub 

di,int06-emuload msg 

; point to theoretical 



; start of message 

repz 

cmpsb 

; check data 

pop 

es 

; restore (ES) 

ret 


; split 

Check installed endp 



Include the CPU_TYPE procedure & LOADALL test 


Include CPU_TYPE.ASM 
TEXT ends 

end Emulate 286 LOADALL 



END LISTING 3 

; End of File 



F 

TCP/IP for Windows 


3 


Supports C, C++ 
and Visual Basic 



NFS 

RPC 





Network WindowsrM Software Development Kit 

□ Three Application 
Programming Interfaces: 

Berkeley Sockets, Remote 
Procedure Call (RPC/XDR) 
and Network Windows 
(NFS client) 

□ Support for Microsoft 
Windows 3.0 in all modes: 

Real, Standard and 
Enhanced 

□ Shared library support in 
the form of small Dynamic 
Link Libraries (DLLs) 

□ May coexist with Novell 
Netware (Packet driver) 
or Microsoft LAN Manager 
(NDIS driver) 

□ Support for Ethernet and 
IBM Token Ring 

□ Works with network 
adapters from 3COM, 

Western Digital, IBM and 
others 

□ Windows-based installation 

□ Three Windows applications 
included: 

♦ Network Configuration 

♦ Telnet-VTIOO ^ 

^◄M^F^Managef^^^^ 


$495 


For more information 
call: 



(408) 741 0781 
or fax: 

(408) 741 0795 



distinct 

Distinct Corporation 
P.O. Box 3410 Saratoga, CA 95070 
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Listing 4 


• 386p 


CPU_Type determines the CPU type in the system. 


Written by: 

Robert Collins 
215 Avenida Espana 
San Jose, CA 95139 


Input: None 

Output: AX - CPU type 

0 - 8086/8088 

1 = 80186/80188 

2 * 80286 

3 - 80386 

4 = 80486 

FFFF * Unknown CPU type 

Register(s) modified: AX, BX, CX, EDX 


Macro definitions 


80486 instruction macro -- because MASM 5.1 doesn't support 
the 80486! 


XADD macro 

db 0fh,0C0h,0D2h ; 80486 instruction macro 

ENDM 


t “ 

CPU_Type proc near 


Determine the CPU type by testing for differences in the CPU 
in the system. 


To determine if we are a 8086/8088, or 80186/80188, test the 
value of SP after it is placed on the stack. The algorithm 
for "PUSH SP" differs from 8086/80186 to 80286+. The 
algorithm difference is as follows: 

8086/80186 80286+ 

{ ( 

SP - SP - 2 TEMP - SP 

SS:SP - SP SP - SP - 2 

} SS:SP - TEMP 

} 

Thus for the 8086/80186, the value of SP that gets pushed on 
the stack is the value after SP is decremented. Hence, the 
value on the stack does not reflect the value of SP before the 
"PUSH" instruction. Therefore, all we have to do to 
categorize the CPU as 8086/8088 or 80186/80188 is to "PUSH SP" 
and compare the value on the stack image to the value in SP. 


xor 

ax,ax 

t 

clear CPU type return register 

push 

sp 

• 

save SP on stack to look at 

pop 

bx 

• 

get SP saved on stack 

cmp 

bx.sp 

» 

if 8086/8088 these values will 



t 

differ 

jz 

short @Not_8086 

• 

nope, must be other CPU type 


If this test passes, then we need some other means to differ¬ 
entiate between 8088/8088 and 80186/80188. This method I will 
use comes from "80186/188, 80C186/C188 Hardware Reference 
Manual" from Intel, PN# 270788, page A-2: "When a word write 
is performed at offset FFFFh in a segment, the 8086 will write 
one byte at offset FFFFh, and the other at offset 0, while an 
80186 family processor will write one byte at offset FFFFh, 
and the other at offset lOOOOh (one byte beyond the end of the 
segment). 


Before we can blast a value out to FFFFh, we must save 
anything there, so we don't crash anybody else's data. 


push 

es 


mov 

bx,ds ; get original DS 

inc 

bx 


mov 

es,bx 


mov 

bl,ds:[0] 

get byte @ 0 

mov 

bh.es:[OfffOh] 

get byte @ lOOOOh 

mov 

ds:[Offffh].Oaaaah 

write signature at 
test location 

cmp 

byte ptr ds:[0],0aah 

8086? 

mov 

ds:[0],bl 

restore original value 

mov 

es:[OfffOh],bh 


pop 

es 


je 

short CPU_8086_Exit 


inc 

ax 


jmp 

short CPU_8086_Exit 



When we get here, we know that we aren't a 8086/80186. Arid 
since all subsequent processors will trap invalid opcodes via 
INT6, we will determine which CPU we are by trapping an 
invalid opcode. 

We are an 80486 if: XADD DX,DX executes correctly 

80386 if: MOV EDX.CRO executes correctly 

80286 if: SMSW DX executes correctly 


Setup INT6 handler 


@Not_8086: 

enter 4,0 ; create stack frame 

mov word ptr INT6,offset INT6_handler 

mov INT6+2,cs 

call set_INT6_vector ; set pointer for INT6 handler 

mov ax,4 ; initialize CPU flag*4 (80486) 

xor cx,cx ; initialize semaphore 


Now, try and determine which CPU we are by executing invalid 
opcodes. The instructions I chose to invoke invalid opcodes, 
are themselves rather benign. In each case, the chosen 
instruction modifies the DX register, and nothing else. No 
system parameters are changed, e.g. protected mode, or other 
CPU dependant features. 


The 80486 instruction 'XADD' xchanges the registers, then adds 


i. The 

I DX.DX. 

exact syntax for a 

'486 compiler would be: 

XADD 

;DX,DX 

; 80486 

jcxz 

CPU exit 


dec 

ax 

; set 80386 semaphore 

inc 

cx 

; CX-0 


For a description on the effects of the following instructions, 
look in the Intel Programmers Reference Manual's for the 80186, 
80286, or 80386. 


mov 

edx.crO 

t 

80386 

jcxz 

CPU_exit 



dec 

ax 

» 

set 80286 semaphore 

inc 

cx 

• 

CX-0 

smsw 

dx 

» 

80286 

jcxz 

CPU_exit 



sub 

ax,3 

» 

set UNKNOWN_CPU semaphore 

CPU_exit: 




call 

set INT6 

vector 



leave 

CPU_8086_exit: 
ret 


- i _ 

Set the INT6 vector by exchanging it with the one currently on 
the stack. 


set INT6 vector: 


push 

ds 


push 

ABSO ; save interrupt vector segment 


pop 

ds ; make DS-INT vector segment 

ASSUME 

DS:ABS0 



mov 

dx.word ptrds:INT_6 ; get offset of INT6 


xchg 

INT6,dx ; set new INT6 offset 


mov 

word ptr ds:INT 6,dx 


mov 

dx.word ptr ds:INT_6[2] ; get segment of INT6 


xchg 

INT6+2,dx ; set new INT6 segment 


mov 

word ptr ds:INT_6[2],dx 


pop 

ds ; restore register 


ret 

; split 

ASSUME 

DS:_TEXT 


INT6 handler sets a semaphore (CX-FFFF) and adjusts the return 
address to point past the invalid opcode. 

[BP] 


INT6 handler: 


enter 

0,0 

; create new stack frame 

dec 

cx 

; make CX-FFFF 

add 

word 

ptr ss:[bp][2],3 ; point past invalid 

leave 

iret 

endp 

; opcode 


; End of File 


Common Code to Detect the CPU 


Type 
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Under The Covers 



Controlling Multi-Media 
Video Devices 

Part 1 


One key aspect of multi-media application development is the integration of 
video into your software. The wide availability of video tape sources combined with 
the low cost of video tape production make it an ideal candidate for applications 
where rapid random access is not required. For example: 

• Video tape segments describing travel destinations might be used by a travel 
agent. 

• Video tape segments on various houses might be used by a realtor. 

• Video tape segments describing how to perform various job functions might be 
used for equipment maintenance or operation on a factory floor. 

A key requirement is the ability to control a VCR from your computer software. 
Selectra Corporation (POB 5497, Walnut Creek, CA 94596) sells a super VHS video 
cassette recorder, the Selectra AG-1960/RStm, which provides just such a capability. 
The Selectra VCR is an enhanced version of the standard Panasonic AG-1960 VCR. 
Selectra Corporation has added an internal microprocessor controller which provides 
full computer controls over all VCR operations. The AG-1960/RS interfaces with a 
standard RS-232 port on any computer (I have tested it with an IBM-AT and with a 
Sun workstation). 

Features of the AG-1960/RS include: 

• Supports random access of VHS and S-VHS tapes to the individual frame. 

• Does not require special tapes or timecoding. 

• Provides tape editing commands. 

• Supports HI-FI stereo and other audio modes. 

• Allows variable speed, forward, and reverse playback. 

• Allows single field advance, forward, and reverse. 

• Can report current VCR mode and current frame location back to the computer. 
The AG-1960/RS is configured with a 25-pin female DB-25 connector. The pinout 

matches the pinout on the IBM-PC, so a straight-through serial connector will work 
for these computers. The pin configurations are shown in Figure 1. 


William H. Roetzheim 


William H. Roetzheim has an MBA and is currently an MS candidate in computer 
science. He has worked as the Senior Project Manager for Tetra Tech Services (a 
Honeywell subsidiary) and as an author of computer books and software. He is cur¬ 
rently a senior associate with Booz-Allen and Hamilton., Inc. His latest program is an 
IBM-PC based project management tool which is tailored to software development 
projects, Structured Project Manager's Toolbox (SPMT). You may contact him at Booz- 
Allen and Hamilton, Inc., 4025 Hancock SL, Suite 109, San Diego, CA 92110 (619) 223- 
5681. 




















Listing 1 

// VCR.H - VCR device driver classes 
// VCR - Panasonic Selectra AG-1960 VCR class 

lifndef VCR_H 

Idefine VCR_H 

linclude "Port.h" 

enum CueType {Fine, Coarse}; 

enum VCRMode (StopMode, EjectMode, RewindMode, FFMode, 
PlayFRMode, PlayFFMode, StillMode, 

RecordMode, PlayMode, PowerOffMode, NoTapeMode); 

struct Frame 

{ 

int nHour; 
int nMinute; 
int nSecond; 
int nFrame; 

}; 

class VCR 

{ 

private: 

SerialPort *spSerialPort; 

void SendCommand (Str sCommandString); 

public: 

VCR (int nNewPortAddress * 0x3F8); 

// C0M1: 

~VCR (); 
void Stop (); 
void Eject (); 
void Rewind (); 
void FastForward (); 
void PlayFastReverse(); 
void PlayFastForward (); 
void Still (); 
void Record (); 
void Play (); 
void ReversePlay (); 

void StepForward (); 

void StepReverse (); 

void PowerToggle (); 

void ShuttleOn (); 
void ShuttleUp (); 
void ShuttleDown {); 
void ForwardShuttle (int nSpeed); 
void ReverseShuttle (int nSpeed); 
void CueToFrame (struct Frame NewFrame); 
void SetCueType (CueType ctNewCueType); 
void PlayToFrame (struct Frame EndFrame); 

void PlaySegment (struct Frame StartFrame, 

struct Frame EndFrame); 
void AudioInsertToFrame (struct Frame 
EndFrame); 

void AudioVideoInsertToFrame (struct Frame 

EndFrame); 

void PrePlay (); 

void Calibrate (); 

void ClearCounter (); 

void AudioSelect (); 

void ResetVCR (); 

struct Frame RequestFrame (); 

VCRMode RequestMode (); 

); 

lendif VCR_H 
// End of File 


The AG-1960/RS is configured to receive data at 9600 baud, 
using eight data bits, no parity, and one stop bit. Commands 
follow the Panasonic serial control protocol, with each com¬ 
mand beginning with an STX character (0x02) and ending with 
an ETX character (0x03). Reception of a new command cancels 
any previous command in process. 

Listing 1 shows the header file for a VCR object which en¬ 
capsulates the control capabilities of the AG-1960/RS. The 
SerialPort object was defined in last month's column. Listing 
2 is the C++ source file to implement the most common VCR 
functions (see Table 1). 

None of these commands requires any parameters, and all 
of them are executed by sending the appropriate command 
string to the VCR via the serial port. The remainder of the 
member functions defined in Listing 1 will be implemented 
next month. 

For most applications, it is sufficient to be able to advance 
the tape to a location within a second or two of the desired 
location, then have the VCR play the segment. For those ap¬ 
plications where very precise accuracy is required, the follow¬ 
ing rules must be followed: 

• Insure that video tapes have continuous, clean video from 
the beginning of the tape. Any unrecorded spots or rough 
edits will cause errors in the frame count. 

• Do not place the VCR into full speed fast forward or rewind. 

• Do not allow the VCR to run off the beginning or end of the tape. 

• Execute a Calibrate () command whenever a tape is 
placed in the VCR. 

• Avoid cueing for frame counts of less than five seconds. 

• Do not use the CueToFrame() command in coarse mode 
(SetCueType() selects coarse or fine mode). 

• Use 60 minute tapes recorded in SP mode. 

Next month, the remainder of the member functions will 
be implemented and the use of the VCR for editing will be 
discussed. □ 

If you have a topic you would like to see covered in this 
column, please drop me a note describing your idea in as 
much detail as possible. If your company has a hardware 
product which requires application program support, call or 
write for information on providing sample hardware for use 
during development of a column. Be sure to include a descrip¬ 
tion of the hardware and examples of its application. 


Table i 

void Stop (); 
void Eject (); 
void Rewind (); 
void FastForward (); 
void PlayFastReverse(); 
void PlayFastForward (); 
void Still (); 
void Record (); 
void Play (); 
void ReversePlay (); 
void StepForward (); 
void StepReverse (); 
void PowerToggle (); 

Basic VCR Control Functions 
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Universal 

Printer 

Driver 


Pin 

Name 

Figure 1 

Signal 

Source 

2 

TXD 

Transmit data 

Computer 

3 

RXD 

Receive data 

VCR 

4 

RTS 

Request to send 

Computer 

5 

CTS 

Clear to send 

VCR 

6 

DSR 

Data set ready 

VCR 

7 ( 

GND 

Signal ground 

-- 

20 

DTR 

Data terminal ready 

Computer 


Listing 2 


// VCR.CPP - VCR device driver class. 

// VCR::VCR - Constructor for VCR 
// VCR::~VCR - Destructor for VCR 
// VCR::SendCommand - Send command string to VCR 
// VCR::Stop - Puts the VCR into Stop mode. 

// VCR::Eject - Causes the tape to be ejected from the VCR. 

// VCR::Rewind - Places the VCR into full speed rewind. 

// VCR::FastForward - Places the VCR into full speed fast forward. 

// VCR::PlayFastReverse - Places the VCR into fast reverse play. 

// VCR::PlayFastForward - Places the VCR into fast forward play. 

// VCR::Sti11 - Causes the VCR to Still on the current frame. 

// VCR::Record - Begin recording mode. 

// VCR::Play - Begins normal play mode. 

// VCR::ReversePlay - Begins normal reverse play mode; 

// VCR::StepForward - From a still frame, advance to next field. 

// VCR::StepReverse - From a still frame, step to previous field. 

// VCR::PowerToggle - Toggle VCR power. 

linclude "VCR.h" 

* VCR::VCR - Constructor for VCR 

★ 

* Parameters: 

* int nNewPortAddress - default is address for C0M1: 

* 

* Class Variables Used: 

* Serial Port -spSerialPort; 

* 

* Returns: 

* Nothing 

•k 

* Notes: 

* 1. Configures serial port to 9600 baud, 8 data bits, 

* no parity, and 1 stop bit. 

* Copyright: 

* Original code by William H. Roetzheim (619) 669-6970 

* Copyright (c) 1991 by William H. Roetzheim 

* All rights reserved. 

* 

**********************************************************************y 

VCR::VCR (int nNewPortAddress) 

f 

spSerialPort = new SerialPort (nNewPortAddress, "VCR 11 ); 
spSerial Port-»SetBaud (9600); 
spSerialPort-»SetBitsPerWord (8); 
spSerialPort-»SetStopBits (1); 
spSeri al Port-»SetPari ty (NoPari ty); 

) 
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Listing 2 — Cont’d 


* VCR::~VCR - Destructor for VCR 

★ 

* Parameters: 

* None. 

* 

* Class Variables Used: 

* Port ‘SerialPort 

* 

★★★★★★★★★***★★★★★★*★★★★★★★★★★★**★*****★*★*★★★*★★★**★★★*★**★***★**★★★★★i 

VCR::~VCR () 

{ 

delete spSerialPort; 

} 


* VCR::SendCommand - Send command string to VCR 

* 

* Parameters: 

* Str sCommandString - String to be output 

* 

* Class Variables Used: 

* Port ‘SerialPort 

* 

**********************************************************************J 

void VCR::SendCommand (Str sCommandString) 

{ 

// Send start of command string character 
spSerialPort-»OutChar (0x02); 

// Send command string 
int i; 

for (i = 0; i « sCommandString.Length (); i++) 

{ 

spSerialPort-»OutChar (sCommandString.Slice (i)); 

) 

// Send end of command string character 
spSerialPort-»0utChar (0x03); 


j****************************************************************** 

* VCR::Stop - Puts the VCR into Stop mode. 

★ 

* Notes: 

* 1. This will abort any command in process, and stop 

* any tape motion. 

* 

* 2. This command should not normally be used to terminate 

* an assembly or insert edit. Stop will immediately 

* stop the VCR, preventing a clean edit transition. Use 

* Still instead to allow the VCR to establish proper 

* sync at the edit out point. 

* 

* 3. The tape is left loaded on the head to allow quick 

* resynchronization after a new play command. 

* 

* 4. Maximum command duration is 300 ms. 

★ 

* 5. Audio and video are immediately placed into passthrough. 

* 

********************************************************************** j 

void VCR::Stop (void) 

{ 

SendCommand ("A@@“); 

) 
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Listing 2 — Cont’d 


/★★a*************************************************************** 

* VCR::Eject - Causes the tape to be ejected from the VCR 

★ 

* Notes: 

* 1. Reception of this command will abort any command 

* in process, and eject the tape. If no tape is 

* in the VCR, the command has no effect. 

* 

* 2. After a tape has been ejected, it can only be reloaded 

* into the VCR manually. 

* 

* 3. Maximum command duration is 5 seconds. 

* 

* 4. Audio and video are immediately placed into passthrough. 

★ 

★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★Ik ***************************** ^ 

void VCR::Eject (void) 

f 

SendCommand ("A@A"); 

) 


^ ****************************************************************** 

* VCR::Rewind - Places the VCR into full speed rewind 

★ 

* Notes: 

* 1. This is the fastest way to position the tape in the 

* reverse direction. No audio or video is output during 

* the rewind. 

* 

* 2. This command cannot be used if high accuracy is required. 

* Since the tape is moved at high speed, minor errors in the 

* frame count will result every time this command is executed. 

* If high accuracy is required, the PlayFastReverse () command 

* must be used instead. 

* 

* 3. Maximum command duration, 300 mSeconds to start rewinding. 

* 

* 4. Audio and video are placed into passthrough. 

* 

★★***★*****★★***★★★*★★***★★***★**★*★★**★★★**★★******★★★***★★*★*★****★*j 

void VCR::Rewind (void) 

( 

SendCommand (“A@B"); 

) 


j****************************************************************** 

* VCR::FastForward - Places the VCR into full speed fast forward 

★ 

* Notes: 

* 1. This is the fastest way to position the tape in the 

* forward direction. No audio or video is output 

* during the fast forward. 

* 

* 2. This command cannot be used if high accuracy is 

* required. Since the tape is moved at high speed, 

* minor errors in the frame count will result every time 

* this command is executed. If high accuracy is required, 

* the PlayFastForward () command must be used instead. 

* 

* 3. Maximum command duration is 300 mSeconds to begin fast 

* forwarding. 

* 

* 4. Audio and video are placed in passthrough. 

★ 

**********************************************************************J 


THE FAST, FLEXIBLE 
EASY TO USE GUI 

TEGL WINDOWS TOOLKIT II 
The TEGL Windows Toolkit II is really 
three toolkits in one: a graphics inter¬ 
face, a memory manager and a window 
manager. Together they provide a pro¬ 
gramming environment. With the tools 
you get you can build a true event driven 
GUI for your DOS application. 


OUTSTANDING I KATUKKS 
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more for only $99: 
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application. 

* Virtual memory management using 
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WINDOW ROUTINES 
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dard character I/O, local menus, re- 
sizeable, scroll bars, headers, graphics 
clipping, CRT windows. 

The Complete Games Toolkit II 
Includes the TEGL Windows Toolkit plus com¬ 
plete source code for five games. The games are 
great examples of the use of the toolkit. Even in¬ 
cludes an electronic deck of cards to create your 
own card games. 


EXTRA BENEFITS 
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3 WAYS TO 
ELIMINATE 
CODE LISTING 
ERRORS 


1. Buy TECH Specialist 
magazine listings each 
month-they’re already 
on disk. Just send us 
$5 and ask for the code 
by issue number-you’ll 
receive one month of 
error-free listings. 


2. Ask for the 1990 
TECH Specialist complete 
code disk. For only $12 
you’ll get 7 months of 
error-free code. 


3. Order a full year of 
code listings for $30. 
We’ll send you a code 
disk every month-so 
you get all the TECH 
Specialist code for 12 
months—error-free, 
hassle free! 


Why wait? Order 
today! Call: 


913-841-1631 


or write: 


2601 Iowa Street 
Lawrence, KS 66046 


TECH. .. 
specialist 


Listing 2 — Cont’d 


void VCR::FastForward (void) 

{ 

SendCommand (“A@C"); 

) 

/★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★Hr****************** 

* VCR::PlayFastReverse - Places the VCR into fast reverse play 

★ 

* Notes: 

* 1. This mode moves the tape as fast as possible, while 

* still providing a video picture. No audio is output 

* during the motion. 

* 

* 2. This is the fastest way to move the tape in the reverse 

* direction and still maintain high tape count accuracy. 

* 

* 3. The tape speed in this mode is 7X play (SP mode) or 21X 

* play (SLP mode). 

* 

* 4. If very high accuracy is required, use of the CueToFrame () 

* command is preferred, since abrupt tape stops may cause minor 

* count errors. Allowing the tape to run off the beginning 

* may also cause errors in the tape count. 

* 

* 5. Maximum command duration is 300 mSeconds to begin play. 

* 

* 6. Video plays (with high speed noise bars), audio is muted. 

★ 

★ ★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★Ik J 

void VCR::PIayFastReverse (void) 

{ 

SendCommand ("A@D"); 

} 


y****************************************************************** 

* VCR::PlayFastForward - Places the VCR into fast forward play 

★ 

* Notes: 

* 1. This mode moves the tape as fast as possible, while 

* still providing a video picture. No audio is output 

* during the motion. 

* 

* 2. This is the fastest way to move the tape in the forward 

* direction and still maintain high tape count accuracy. 

* 

* 3. The tape speed in this mode is 7X play (SP mode) or 21X 

* play (SLP mode). 


4. If very high accuracy is required, use of the CueToFrame () 
command is preferred, since abrupt tape stops may cause minor 
count errors. Allowing the tape to run off the end 

may also cause errors in the tape count. 

5. Maximum command duration is 300 mSeconds to begin play. 

6. Video plays (with high speed noise bars), audio is muted. 


★ ★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★Hr******* J 

void VCR::PlayFastForward (void) 

{ 

SendCommand ("A@E"); 

) 
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y****************************************************************** 

* VCR::Still - Causes the VCR to Still on the current frame 

* 

* Notes: 

* 1. The VCR will always attempt to provide a clean picture 

* when executing this command. To establish correct video 

* sync, up to three frames may be stepped through until 

* the picture is free of noise bars. This command is also 

* useful for turning on the video at the completion of 

* a CueToFrame () command. 

* 

* 2. Maximum duration is 300 mSeconds to execute the command, 

* but up to 1 second may be required to produce a noise 

* free picture. 

* 

* 3. Video is displayed, audio is muted. 

* 

********************************************************************** j 

void VCR::Sti11 (void) 

{ 

SendCommand ("A@F“); 

} 

J****************************************************************** 

* VCR::Record - Begin recording mode 

★ 

* Notes: 

* 1. Attempting to record on a tape which has the erasure 

* tab removed will cause the tape to be ejected from 

* the VCR. 

* 

* 2. Maximum command time is 300 mSeconds. 

* 

* 3. The audio and video being recorded are output. 

* 

********************************************************************** J 

void VCR::Record (void) 

( 

SendCommand (“A@H"); 

) 


j****************************************************************** 

* VCR::PI ay - Begin normal play mode 

★ 

* Notes: 

* 1. Four seconds are required until playback begins from a 

* full stop condition. 

* 

**********************************************************************j 

void VCR::PI ay (void) 

( 

SendCommand ("A@J“); 

} 


j ****************************************************************** 

* VCR::ReversePlay - Begins normal reverse play mode 

* 

* Notes: 

* 1. Four seconds are required until playback begins from 

* a full stop condition. 

* 

**********************************************************************j 

void VCR::ReversePlay (void) 

( 

SendCommand ("A@K"); 

) 


C£32 


If you need to create 
numerical solutions beyond 
640K on DOS and unleash 
386 or 486 power, we have 
some real good news for you. 

CSL32 is a brand new version of CSL 
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programming, with the Watcom C 
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CSL32 Introductory Offer. 
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Watcom compiler, you may now 
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Windows. 
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for numerical solutions. 
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O Source Code Option 
O Guiding Examples 
O Application Notes 
O Validated Code 
O Easy to Use 
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O Runtime Distribution Rights 
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and pricing information. 

CSL, CSL32 and Eigenware arc registered trademarks of 
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trademarks or registered trademarks of their respective holders. 


Eigenware Technologies 


13090 La Vista Drive 
Saratoga, CA 95070 
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...ERRORS! 


End your listing errors by subscribing to 
TECH Specialist ’* code listings on disk. 



...HIGHER 

PRODUCTIVITY! 

Save hours of typing in long code listings 
and make better use of your time. 



...TO THE PHONE! 


Call 

913 - 841-1631 

TODAY! 


For only $30* you'll receive 12 disks 
(one per issue) of TECH Specialist 
listings. You’ll save 50% off the price 
of buying the disks individually! 

If you don’t already subscribe 
to TECH Specialist --order both 
the magazine and disk 
for $59* 


Subscriptions must be prepaid 
and are available on 5.25" 
or 3.5" MS-DOS format only. 


TECH. .. . 
specialist. 


•foreign prices vary (call for details) 
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I ****************************************************************** 

* VCR::StepForward - From a still frame, advance to next field 

★ 

* Notes: 

* 1. A video frame consists of two fields. This command 

* steps forward one field, so the frame counter advances 

* after every other field step. 

* 

* 2. The VCR will automatically stop if left in still frame 

* longer than 5 minutes without moving the tape. 

* 

* 3. This command requires 300 mSec. to execute. 

* 

* 4. Video is output, audio is muted. 

★ 

**********************************************************************i 

void VCR::StepForward (void) 

{ 

SendCommand ("A@L"); 

} 

j****************************************************************** 


* VCR::StepReverse - From a still frame, step to previous field 

★ 

* Notes: 

* 1. A video frame consists of two fields. This command 

* steps backward one field, so the frame counter decreases 

* after every other field step. 

* 

* 2. The VCR will automatically stop if left in still frame 

* longer than 5 minutes without moving the tape. 

* 

* 3. This command requires 300 mSec. to execute. 

★ 

* 4. Video is output, audio is muted. 

* 

★ 

********************************************************************** j 
void VCR::StepReverse (void) 

{ 

SendCommand ("A@M"); 

} 

j ****************************************************************** 

* VCR::PowerToggle - Toggle VCR power. 

* 

* Notes: 

* 1. This command toggles the VCR power on/off. Turning the 

* VCR power off does not inhibit communication with the 

* VCR serial processor. 

* 

* 2. RequestModeO can be used to determine if the VCR 

* power is currently off. 

* 

* 3. Three seconds may be required to turn off the power if 

* it is in the play mode. 

* 

* 4. Audio and video are muted. 


********************************************************************** J 

void VCR::PowerToggle (void) 

{ 

SendCommand ("ACM"); 

} 


// End of File 
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Gracefully Breaking Out Of Infinite Loops 


David Burki 


At some point in almost every programmer's 
career, he or she codes a looping construct that will 
never terminate. Those of us who write in assembly 
or C have the added excitement of being able to 
write over code, or to move off and execute in some 
random location in memory. Getting out of such situa¬ 
tions generally requires rebooting the machine, espe¬ 



cially when the loop contains no DOS (Int 21h ) func¬ 
tion calls that check the status of the DOS Ctrl-C/Break 
flag. In this article, I will show how to provide for a 
graceful exit when your program hangs on an infinite 
loop or is executing garbage. 

While searching for ways to dispose of the dis¬ 
played by Ctrl-C and Ctrl-Break, I came across a 
bit flag in the BIOS data area that is set when Int 9 
(the BIOS keyboard hardware interrupt) detects the 
Ctrl-Break key combination. Once I had all the 
pieces to the Ctrl-C/Break puzzle in place, it was 
apparent that the BIOS Break Flag didn't play a part. 
However, the flag stimulated some thought and 
resulted in the routines described here. These 
routines are intended as tools for use during develop¬ 
ment, not as part of a marketable product. The tools’ 
objectives are simple: provide a set of routines that 
will detect the Ctrl-Break key combination, call a 
clean-up routine if necessary, and terminate the 
"hung" application. 

Determining Machine Stability 

You can use the breakout tool to interrupt most 
any process, simply by pressing the designated hot 
key. The process might be your program, DOS, or a 
BIOS interrupt. Since the hot key can interrupt almost 
any task, the breakout tool must know that the 
machine state is stable before it successfully ter¬ 
minates the application. For the purposes of the 
breakout tool, the following conditions must exist for 
the machine state to be considered stable: 

• No disk I/O in progress 

• DOS must be in a state in which DOS functions (Int 

21h) can be made 

• No critical error in progress 


David Burki is a programmer/analyst with PDA, Inc. 
He specializes in systems and application software 
design and development under MS-DOS using C and 
assembly. You may contact him at PDA, Inc., 11600 
College Boulevard, Overland Park, KS 66210. (913) 469- 
8700. 
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To determine whether disk I/O is in progress, inter¬ 
cept the BIOS interrupts that interact with the disk 
devices (both floppy and hard). The intercept functions 
increment a busy flag, call the original interrupt, and 
then decrement the busy flag when the BIOS inter¬ 
rupt returns. In Listing 1, these functions are thir- 
teen_handler(), twenty_five_handler(), and twen- 
ty_six_handler(). All three routines increment and 
decrement the same flag, busy_flag. If the flag is 
non-zero, one of these routines is in progress. The 
breakout tool will not terminate the foreground 
process until busy_f lag is zero. 

Since DOS itself is generally not re-entrant, the 
breakout tool must determine that Int 21h function 
calls can safely be made before calling the clean-up 
function and terminating the application. The undocu¬ 
mented but well- publicized Int 21h, function 34h 
returns a pointer to a flag commonly called the InDOS 
flag. If this internal DOS flag is zero, it is safe to make 
Int 21h function calls. If the flag is non-zero, it is not 
safe to make DOS function calls. There are exceptions 
to this rule, but for the purposes of this article, I will 
ignore them. The function get_indos_addr() (Listing 
1) uses function 34h to retrieve the address of the 
InDOS flag and then stores the address in a code seg¬ 
ment variable for later use. 

The last item in determining machine stability is 
whether the system is handling a critical error. If a 
critical error is in progress, the breakout tool should 
not attempt to terminate the application. DOS main¬ 
tains a second undocumented flag that, when set to 
zero, indicates that a critical error is not in progress. 
The critical error flag is located one byte after the 
InDOS flag in DOS versions 2.x, and one byte before 
the InDOS flag in DOS versions 3+. (In Compaq DOS 
version 3.0, the critical error flag is located laah bytes 
before the InDOS flag.) The function get_criti- 
cal_error_addr() (Listing 1) obtains the address of 
the critical error flag, using the method appropriate 
for the version of DOS, and stores the address in a 
code segment variable. 

Implementing The Breakout Tool 

The breakout tool must determine whether it 
should break out of the program when its hot key is 
pressed. Using Ctrl-Break as the hot key saves some 
coding effort, since Int 9 is already set up to detect 
this key combination and sets a flag when it is en¬ 
countered. Because Int 9 execution is an 
asynchronous event triggered by a hardware inter¬ 
rupt, pressing Ctrl-Break will always set the BIOS 


Break Flag. Anytime the hot key is pressed, the BIOS 
Break Flag is set, indicating that program termination 
is desired. The breakout tool can then check the BIOS 
Break Flag state periodically. 

Listing 1 contains the remaining routines for the 
breakout tool. The only externally visible functions 
are insure (), which installs the breakout tool, and 
cancel (), which removes it. The application under 
development can install and remove the breakout 
tool as often as necessary, insure() checks that the 
breakout tool isn’t already installed before attempting 
to install it, and cancel () makes sure the breakout 
tool is installed before trying to remove it. 

The insure () function expects a single parameter, 
a far pointer to the function to be called when Ctrl- 
Break is pressed. This clean-up function may perform 
any tasks necessary, such as restoring the video 
mode or restoring interrupt vectors captured by the 
application before the application is terminated. If 
your application doesn’t require a clean-up function, 
simply pass the NULL pointer as the parameter. 

Before proceeding with the installation process, 
insure() inspects the local variable insured_psp. If 
insured_psp is non-zero, the breakout tool is already 
installed, and insure() returns 1 to indicate that the 
requested insurance wasn't put in place. If insurance 
isn’t already in place, insuref) checks the DOS ver¬ 
sion. Since this version of the breakout tool requires 
DOS 3.0 or higher to establish the current Program 
Segment Prefix (PSP), insure() verifies the DOS ver¬ 
sion as 3.0 or higher before continuing with the in¬ 
stallation. The function then retrieves the segment 
address of the PSP for the application installing the 
breakout tool and stores it in the local variable in- 
sured_psp. Later, when the hot key is detected, this 
address must match the PSP address of the currently 
executing program before the breakout tool will ter¬ 
minate the program. By requiring the currently ex¬ 
ecuting program’s PSP to match the PSP of the in¬ 
staller, you guarantee that you are not about to ter¬ 
minate some other application by mistake. Installa¬ 
tion continues by storing the address of the clean-up 
function in a local variable, obtaining the addresses of 
the InDOS and critter flags, saving the application 
SS and SP, making sure the BIOS Break Flag is clear, 
and installing the interrupt intercept routines. Saving 
the application stack permits a small memory model 
application to use certain C library functions that, for 
some reason, can’t handle a different stack. The large 
memory model avoids this stack manipulation, in¬ 
sure () returns zero to indicate successful installation. 

(text continued on page 67) 
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Listing 1 (breakout.asm) 


COMMENT 


File: breakout.asm 

This module contains routines necessary to enable 
Ctrl-Break to "break out" of infinite loops. A user 
supplied clean up routine may be specified if necessary. 

MASM 5.1/TASM 2.0 - C callable installation & 
de-installation functions. 

Language & memory model independant. Change the .model 
directive as needed. 

Author: David Burki 

END OF COMMENT ~ 

title BREAKOUT.ASM 
page 57,132 

% .model m_model, lang 
; - MACROS and EQUATES - 

;macro to simulate an interrupt so the interrupt returns 
;to the instruction immediately following the call 
sim_int macro num 
pushf 

call cs:orig_&num 

endm 

;macro to push selected registers 
apush macro a,b,c,d,e,f,g,h 

irp x,<a,b,c,d,e,f,g,h> 
ifnb <x> 


push 

X 


; interrupt vectors. 



endif 



orig_08h 

dd 

0 


endm 



orig_lbh 

dd 

0 


endm 



orig_13h 

dd 

0 





orig_25h 

dd 

0 


;macro to pop selected registers 


orig_26h 

dd 

0 


apop macro a, 

b.c.d.e.f.g.h 






irp x,<h,g,f 

,e,d,c,b,a> 


; — storage for the segment addr of 

the 

ifnb <x> 



; that asked for insurance 

- if 

zero 

pop 

X 


; in effect 



endif 



insured psp 

dw 0 



endm 







endm 



; — flag if 

still processing 

in int 

8h 




in_al ready 

db 0 



;macro to install a replacement vector 






; -- assumes 

that ds * code seg of replacing 

function 

; --- interrupted program's SS 

& SP 


; -- all var 

names used to save original vector must be 

save_ss 

dw 0 



; 2 characters long plus a training "h" 

(i.e. for 

save sp 

dw 0 



; int 8h 

"orig 08h") 






install vector macro vector num,function name 


; — original 

C stack segment 



mov 

ax,35&vector num 


installer_ss 

dw 0 



int 

2 lh 


installer_sp 

dw 0 



mov 

word ptr orig_&vector_num,bx 






mov 

word ptr orig &vector num+2,es 


; — local stack while in int 

8h handler 

lea 

dx,function_name 


my_stack 

dw 256 dup(0) 


mov 

ax,25&vector_num 


stack_top 

label word 




int 


21h 


endm 


macro to un-install a replaced vector 

-- all var names used to save original vector must be 
2 characters long plus a training "h“ (i.e. for 
int 8h "orig_08h") 

restore vector macro replaced_vector 


Ids dx,cs:orig_&replaced_vector 
mov ax,25&replaced_vector 

int 21h 


endm 


; segment and offset of the BIOS break flag 
BIOSJEG equ 40h 

BREAK_FLAG_OFF equ 71h 

;- CODE - 

.code 

; declare externally visible functions 
public insure, cancel 

; NOTE: all variables used here are part of the code 
; segment so the interrupt routines can have easy 

; access to them 

; — storage for the address of the InDOS flag 
indos_addr dd 0 

; — storage for the address of the critical error flag 
critter_addr dd 0 

; — storage for the version of dos 
dos_major_version db 0 

dos_minor_version db 0 

; — flag indicating disk i/o in progress 
busy_f1ag db 0 

; — far pointer to clean up routine 
exit_routine dd 0 

; — storage for original addresses of intercepted 


assume ds:@curseg, esinothing 


GET_D0S_VERSI0N() 

Obtain the version & revision of DOS. Store the version 
in the variable "dos major version" and the revision in 
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the variable "dos_minor_version". Both variables are code 
segment variables. 

Returns: 

AL - dos minor version number 
AH - dos major version number 


public get_dos_version 
get_dos_version proc 
mov ah,30h 

int 21h 

mov cs:dos_major_version,al 

mov cs:dos_minor_version,ah 

ret 

get_dos_version endp 


GET_CRITICAL_ERROR_ADDR() 

This function obtains & saves the address of the 
critical error flag. For DOS versions 3+, the critical 
error flag is the byte just before the InDOS flag. For 
DOS 2.x, it's the byte just after. 

NOTE: get_dos_version() must be called before this 
function 

NOTE: For COMPAQ DOS version 3.x, the critical error 

flag is located Olaah bytes BEFORE the InDOS flag. 

Trashes: AX 


public get_critical_error_addr 


get_critical_error_addr proc USES ES BX 
; — get the address of the InDOS flag 
mov ah,34h 

int 21h 

; — dos 3.x or better use byte before InDOS 
cmp byte ptr cs:dos_major_version,3 

jge byte_before ;good_version 

; — dos 2.x, use byte after InDOS flag 
inc bx 

jmp store_critter_addr 

byte_before: 

dec bx 

store_critter_addr: 

; — save the address & return success 

mov word ptr cs:critter_addr,bx 

mov word ptr cs:critter_addr+2,es 

ret 

get_critical_error_addr endp 


GET_INDOS_ADDR() 

Uses the undocumented (but well known) function 34h of 
INT 21h to obtain a far pointer to the "InDOS" flag. 
Stores the address of the flag in the code segment 
variable “indos_addr". 

Trashes AX 


r 
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Listing 1 

— Cont’d 

public get indos addr 

indos exit: 

get indos addr proc USES ES BX 

ret 

; — get the address 

check indos flag endp 

mov ah,34h 

int 21h 


; --- save address in cs referenced variable 

; CHECK BREAK BIT() 

mov word ptr cs:indos addr.bx 

; This function examines the BIOS Break Flag (bit 7 of 

mov word ptr csrindos addr+2,es 

; the byte at 40:71). 

ret 

> 

get indos addr endp 

; Returns: 

; carry clear - Break Flag is clear. 

» 

; carry set - Break Flag is set. 

; CHECK CRITTER FLAG() 

» 

; Examine the undocumented “critical error" flag to 

check break bit proc USES DS ES BX 

; determine if a critical error is in progress. 

; — establish addressing to the flag 

> 

mov bx.BIOS SEG 

; Returns: 

mov es,bx 

; carry clear - A critical error is NOT in progress 

mov bx,BREAK FLAG OFF 

; carry set - A critical error is in progress 



; ---is bit 7 set 

public check critter flag 

test es:byte ptr [bx],10000000b 

check critter flag proc USES AX DS SI 

jnz break bit set 

; — ds:si <- address of critter flag 


Ids si.dword ptr cs:critter_addr 

; — no, return with carry clear 
clc 

; --- check critter flag ■ zero 

jmp check break exit 

lodsb 


or al,al 

; — yes, clear it & return carry set 

jz no critter 

break bit set: 


and es:byte ptr [bx],01111111b 

; — critter flag not zero, return carry set 

stc 

stc 


jmp critter_exit 

check_break_exit: 

ret 

; --- critter flag zero, return carry clear 

check break bit endp 

no critter: 


cl c 

; INSTALL INTERCEPTSO 

critter exit: 

; Retrieve & save the current vectors, replacing the 

ret 

; vector table entries with the addresses of the 

check_critter_flag endp 

; intercept routines. 

» 

; Entry: 

; CHECK INDOS FLAG() 

; DS = CS 

; Examine the undocumented “InDOS” flag to determine if 

; Returns: 

; non-rentrant DOS functions are currently executing. 

; No value 

t 

; Trashes: 

; Returns: 

; AX, BX, DX, ES 

; carry clear - InDOS flag is zero. 


; carry set - InDOS flag is non-zero. 

install intercepts proc 

t 

assume ds:@curseg 

public check indos flag 

; — capture int 8h vector 

check indos flag proc USES AX DS SI 

install vector 08h,int 8h handler 

; — ds:si <-- addr of InDOS flag, then load al with 


; the byte at that address 

; — capture int 13h vector 

Ids si.dword ptr cs:indos addr 

install vector 13h,thirteen handler 

lodsb 

; — capture int 25h vector 

; --- indos flag equal zero, DOS is stable 

install vector 25h,twenty five handler 

or al,al 


jz dos_stable 

; --- capture int 26h vector 

install vector 26h,twenty six handler 

; — no, set carry & return 


stc 

; --- capture int lbh vector 

jmp indos_exit 

install_vector lbh,break_handler 

; — yes, clear carry and return 

ret 

dos stable: 

install intercepts endp 

clc 
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Listing 1 —Cont’d 


INSURE( cleanup_function ) 

void (*PFV)(); /* far pointer to cleanup function */ 


assume ds:nothing 


Installs the breakout tool. 

Returns: 

AX * zero - installed successfully 
AX not zero - did not install 


insure proc USES DS ES SI DI, CLEAN_UP:FAR PTR 

; — force ds ■ cs 
push cs 

pop ds 

assume ds:@curseg 

; — currently in palce? 

cmp word ptr insured_psp,0 

; — yes, return to caller with no action 
jnz not_installed 

; --- get dos version 

call get_dos_version 

; — if not dos 3.x don't install 
cmp ah, 3 

jl not_installed 


retrieve & save the psp of the current process 
function 62h (get PSP) is DOS 3+ only 
mov ah,62h 

int 21h 

mov insured_psp,bx 

get the addr of clean up function & save it 
les bx,CLEAN_UP 

mov word ptr exit_routine+2,es 

mov word ptr exit_routine,bx 


CANCELO 

Restore the original vectors and clear the 
”insured_psp 11 address. 

Returns: 

No value 
Trashes: 

AX 


cancel proc USES DS DX 

; --- if not installed, get out with no action 
mov dx,cs:insured_psp 

or dx.dx 

jz no_cancellation 


get the original 

int 

8h 

& 

restore 

it 

restore_vector 

08h 





get the original 

int 

lbh 

& 

restore 

it 

restore_vector 

lbh 





get the original 

int 

13h 

& 

restore 

it 

restore vector 

13h 





get the original 

int 

25h 

& 

restore 

it 

restore_vector 

25h 





get the original 

int 

26h 

& 

restore 

it 

restore vector 

26h 






; — clear the insured_psp address 

mov cs:word ptr insured_psp,0 

no_cancellation: 

ret 

cancel endp 


get the addr of "InDOS" flag 
call get_indos_addr 


assume cs:@curseg 


; --- get the gritical error flag address 
call get_critical_error_addr 

; --- install the interrupt intercepts 
call install_intercepts 

; — insure BIOS break flag is clear 
mov bx,BIOS_SEG 

mov es.bx 

mov bx,BREAK_FLAG_OFF 

and es:byte ptr [bx],01111111b 


; — save installer's SS and SP 
mov installer_ss,ss 

mov installer_sp,sp 


; — set good return code & clear “in already" flag 
; for int 8h handler 
xor ax,ax 

mov byte ptr in_already,al 

jmp insure_exit 


not_installed: 

mov ax,l 


insure_exit: 

ret 

insure endp 


INT_8H_HANDLER() 

Intercept for timer tick interrupt. 

Checks the BIOS break flag (bit 7 at 40:71) on each 
invocation. 

Flagged to prevent rentry. 


int_8h_handler proc far 
; --- let int 8 do it's stuff 
sim_int 08h 
cli 


if int 8 post processing is still going on, don't 
re-enter - return to the interrupted code 
cmp cs:byte ptr in_already,l 

jnz do_break_ck 

iret 


do_break_ck: 

; — flag that 
mov 
mov 
mov 
push 
pop 
mov 
sti 
apush 


we're processing an int 8h & swap stacks 

cs:byte ptr in_already,1 

cs:save_ss,ss 

cs:save_sp,sp 

cs 

ss 

sp,offset cs:stack_top 
ax,bx,cx,dx,ds,es,si,di 
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Listing 1 — Cont’d 


if the BIOS break flag is NOT set, iret to caller 
call check_break_bit 

jnc no_break 

if disk i/o in progress, iret back to caller 
cmp cs:busy_flag,0 

jnz no_break 

if not in dos or critical error 
call check_indos_flag 

jc no_break 

call check_critter_flag 

jc no_break 

if the psp of the caller isn't the same as 
the psp when installed, skip it 
mov ah,62h 

int 21h 

cmp bx,cs:insured_psp 

jnz no_break 


THIRTEEN_HANDLER() 
intercept for int 13h 

Increments the busy flag on entry, calls the original 
interrupt service routine, and decrements the busy flag 
when the disk routine is complete. The busy flag must 
be zero to indicate no disk i/o in progress. 


thirteen_handler proc far 
pushf 

inc cs:busy_flag 

popf 

sim_int 13h 
pushf 

dec cs:busy_flag 

popf 

iret 

thirteen_handler endp 


; --- BIOS break flag was set, everything is stable and the 
; active PSP is the same as the one that installed the 

; insurance, clear the BIOS break bit and uninstall 

; the intercepted vectors 
call cancel 

; — if a user supplied exit routine is installed, do it 
mov bx.word ptr exit_routine+2 

or bx,bx 

jnz do_user_supplied_exit 

; --- otherwise, DOS terminate function - error level ■ 1 
mov ax,4c01h 

int 21h 


do_user_supplied_exit: 

; — get back BX & ES plus clean off CS, IP & FLAGS pushed 
; on original interrupt, then jump to user exit routine 
mov ss,cs:installer_s$ 

mov sp,cs:installer_sp 

jmp cs:exit_routine 


no_break: 

; --- clean up 
apop 
cli 
mov 
mov 
sti 
mov 


the stack 

ax,bx,cx,dx,ds,es,si,di 

ss,cs:save_ss 

sp,cs:save_sp 

cs:byte ptr in_already,0 


skip_it: 

; — iret to the int 8 caller 
i ret 

int_8h_handler endp 


TWENTY_FIVE_HANDLER() 
intercept for int 25h 

Increments the busy flag on entry, calls the original 
interrupt service routine, and decrements the busy flag 
when the disk routine is complete. The busy flag must 
be zero to indicate no disk i/o in progress. 


twenty_five_handler proc far 
pushf 

inc cs:busy_flag 

popf 

sim_int 25h 
pushf 

dec cs:busy_flag 

popf 

iret 

twenty_five_handler endp 


TWENTY_SIX_HANDLER() 
intercept for int 26h 

Increments the busy flag on entry, calls the original 
interrupt service routine, and decrements the busy flag 
when the disk routine is complete. The busy flag must 
be zero to indicate no disk i/o in progress. 


twenty_six_handler proc far 
pushf 

inc cs:busy_flag 

popf 

sim_int 26h 
pushf 

dec cs:busy_flag 

popf 

iret 

twenty_six_handler endp 


BREAK_HANDLER() 

Simple replacement for int lbh - no more than an iret 
to keep the " A C" off the display screen. 


break_handler proc far 
iret 

break_handler endp 


end 

; End of File 
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At the heart of the breakout tool is the 
Int 8 intercept routine, int_8h_hand- 
ler(). At every timer tick, int_8h_hand- 
ler() calls the original Int 8 routine to 
allow the interrupt to be serviced first. 
Since the original Int 8 routine issues 
the End Of Interrupt (EOI) before it 
returns control, the intercept code 
doesn't have to. int_8h_handler() 
checks the in_already flag before 
entering the post Int 8 code to avoid 
re-entering the post-processing block 
on subsequent timer ticks. If the in_al- 
ready flag is non-zero, control is imme¬ 
diately returned to the process that 
was interrupted by the timer tick. If 
in_already is zero, the code continues 
by setting the in_olready flag and 
switching to an internal stack before 
saving the necessary registers used by 
the process. If the BIOS Break Flag is set 


and the InDOS and critter flags are 
clear, the InDOS cancel () function is 
called to remove the captured inter¬ 
rupts. After these tasks are ac¬ 
complished, the stack is switched to the 
stack saved during the installation 
process, and control is transferred to 
the clean-up function. The clean-up 
function is not expected to return. 

If you write the clean-up function in 
C, as in Listing 2, you must declare it as 
a far function and use the special 
modifier, interrupt. Both Microsoft and 
Turbo C provide the interrupt modifier, 
designed to permit writing interrupt 
service routines in C. The interrupt 
modifier causes the compiler to 
generate special entry code for the 
function that saves all registers and in¬ 
sures that the OS register contains the 
address of the DGROUP segment. Special 



...ERRORS! 


End your listing errors by subscribing to 
TECH Specialist's code listings on disk. 



...HIGHER 

PRODUCTIVITY! 

Save hours of typing in long code listings 
and make better use of your time. 



...TO THE PHONE! 

Call 

913 - 841-1631 

TODAY! 


For only $30* you’ll receive 12 disks 
(one per issue) of TECH Specialist 
listings. You’ll save 50% off the price 
of buying the disks individually! 

If you don’t already subscribe 
to TECH Specialist -order both 
the magazine and disk 
for $59* 


Subscriptions must be prepaid 
and are available on 5.25“ 
or 3.5" MS-DOS format only. 


•foreign prices vary (call for details) 


Listing 2 (testbrk.c) 


File: testbrk.c 

This is the test driver for the routines in 
breakout.asm. 

Author: David Burki 

♦include <stdio.h> 


// define far a pointer to a void function 
typedef void (far *PFV)(); 

// function prototypes 
void insure(PFV); 

void interrupt far pre_termination(void); 
void cancel(void); 


function which performs any necessary clean-up before 
terminating the application 


*/ 


void interrupt far pre_termination() 

{ 

printf("\nln the pre-termination function\npress any key\n"); 

getch(); 

exit(l); 

} 

// test driver main function 
main() 

( 

// register the cancel function so exit will call it 
atexit(cancel); 

// install the breakout tool 
insure((PFV)pre_termination); 

// a never ending loop 
for(;;) 

» 

) 

/* End of File */ 


TECH. .. _ 
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Listing 3 (makefile) 


##... 

## This is the make file to build the executable test 
## driver for the breakout tool. 

## 

## Author: David Burki 

##. 


AM0DEL= large 
CMODEL' 1 
LANGUAGE' C 
TC LIBDIR' E:\TC\LIB 


## define the memory ... 

## model for the project 
## the high level language 
## and the library directory(s) 


testbrk.exe: listingl.obj listing2.obj 

tlink $(TC_LIBDIR)\C0$(CMODEL).obj listing2 \ 

listingl, testbrk.exe, nul, \ 

$(TC_LIBDIR)\C$(CMODEL) 


listingl.obj: listingl.asm 

tasm -Dm_model=$(AMODEL) -D1ang=$(LANGUAGE) $*; 


listing2.obj: listing2.c 

tcc -c -m$(CMODEL) $*.c 
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function exit code is also generated that 
restores the entry registers and returns 
using an IRET. When the clean-up func¬ 
tion has finished its tasks, the C library 
function exit() terminates the applica¬ 
tion. 

Listing 2 also contains a sample 
driver to test the breakout tool. The 
only thing to note about the driver is 
that the assembly language function 
cancel () is registered with the C library 
function atexit(). Passing the function 
pointer to atexit() registers the func¬ 
tion to be called during normal termina¬ 
tion. Registering cancel() with 
atexit() insures that when the ap¬ 
plication terminates normally, the can¬ 
cel () function is called before returning 
to DOS. All the interrupt vectors inter¬ 
cepted by the breakout tool are thus 
restored before the application ter¬ 
minates. 

Many similarities exist between this 
breakout tool and a “pop-up" TSR. Both 
require a means of detecting the hot 
key pressed, and both must be able to 
interrupt the foreground process, but 
must do so only when the operating 
environment is in a stable state. Be¬ 
cause of these similar requirements, 
many of the techniques used here are 
identical to those used to write suc¬ 
cessful “pop-up” TSR programs. 

Though none of us intentionally 
codes infinite loops, they happen more 
often than most of us would like to 
admit. By adding the breakout tool to 
your application during development, 
you can eliminate the frustration of 
having to re-boot. Code which hangs 
the machine can be tough to locate 
and correct. The breakout tool can ease 
the pain and help speed up the 
development effort. □ 
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80386 Protected Mode Programming In C 


Reviewed by Gary R. Olhoeft 


80386 Protected Mode Programming in C, Len Dorfman, 
windcrest, ISBN 0-8306-7736-4, $24.95. Source code: $29.95. 


Len Dorfman provides a limited introduction to the 32-bit 
protected mode environment in his new book, 80386 
Protected Mode Programming in C, published by Windcrest 
Books, an imprint of TAB Books, a division of McGraw-Hill, Inc. 
In this book, Dorfman, translates the 8086 text menuing sys¬ 
tem from his earlier book Building C Libraries-. Windows, 
Menus, & User Interfaces into the 80386 protected mode en¬ 
vironment. He restricts his development to the Phar Lap VCPI 
environment, using Microsoft MASM and Watcom 386 C/8.0. He 
does give a few examples with Phar Lap’s 3861 ASM assembler. 

Probably the most valuable feature of this book is the 
ability to compare the code with his earlier book and see the 
changes necessary to convert code from a 16- bit to a 32-bit 
environment However, the book does not discuss, nor is it 
generic to, all 32-bit extender environments. It contains errors, 
and despite its 1991 date, the book is seriously dated. Since 


the beginning of 1991, Intel has released their 386/486 C Code 
Builder Kit using either the included IGC DPMI 0.9 extender or 
the DPMI extender in Windows 3.0; Phar Lap and Ergo have 
released new DPMI-compatible extenders (Phar Lap’s 4.0 sup¬ 
ports all four protected mode extenders: DPMI 0.9 and 1.0, 
VCPI, XMS, and INT 15h); and Zortech has released 386 C++ 3.0 
with their DOSX extender based upon Rational System’s. On 
page 10, Dorfman states that code written for one extender 
will not run properly using another extender. This is only part¬ 
ly true as it is possible to write code that can identify the 
extender environment and proceed appropriately (see the 
Phar Lap 4.0 manuals for a discussion on how todo this). 

As an example, Dorfman changes the LDT (Local Descriptor 
Table) to access text screen video memory through: 

mov ax, ICh 
mov es, ax 

which is specific to the Phar Lap extender, but the sequence: 


Gory R. Olhoeft has been programming digital computers since 1968. He has a BSEE, MSEE and PhD in physics. Inquiries about the 
complete libhpgl.lib extended graphics library may be addressed to Gary R. Olhoeft, P.O.Box 10870 Edgemont, Golden, CO 80401; 
CompuServe 76665,2021, or golhoeft on BIX. 
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mov ax, ds 
add ax, 20h 
mov es, ax 

will work for both the Phar Lap and Ergo extenders to access 
the entire first megabyte of real memory, including both 
graphics and text screen memory. 

The book introduces the techniques to access text mode 
functions, generate sound, read the keyboard, and manage a 
mouse. It does not discuss graphics modes, disk management, 
handling mixed real and protected mode interrupts, or other 
functions that a programmer might require (such as linking a 
commercial 16-bit real mode library into a user’s 32-bit 
protected mode code). Some of these latter subjects are 
covered to one extent or another in the manuals supplied by 
the extender or compiler manufacturer. 

On page 11, Dorfman discusses the selection of a C com¬ 
piler, macro assembler, and DOS extender to work in 32-bit 
protected mode. If you choose the Watcom 386 C/8.0 com¬ 
piler, the Microsoft MASM assembler, and the Phar Lap VCPI 
extender, Dorfman's book is a good introduction to the world 
of protected mode programming. However, if you choose one 


of the other compilers that are supported under the Phar Lap 
extender (Watcom doesn't offer Weitek support but Metaware 
and MicroWay do, for example), be prepared for a lot of little 
changes to the code in the book (like the necessity for 
prepend or postpend underscores in the assembly code). If 
you choose another assembler, it may not generate 32-bit 
code properly (not all versions of MASM do). If you choose 
another extender, major changes may be required (for ex¬ 
ample, the code fragment above required to access the first 
megabyte of real memory is unnecessary and won't work 
under the IGC extender). Lastly, 32-bit UNIX and IBM's 32-bit 
OS/2 2.0 are different yet again. 

If you know nothing about 80386 protected mode and 
you're looking for a book to get you started in 32-bit 
protected mode programming, you might prefer to start with 
something more basic, such as Ray Duncan’s Extending DOS. 
But once you know the trade-offs between the extender en¬ 
vironments, you'll be better prepared to make the choices re¬ 
quired to choose a protected mode C compiler, assembler and 
extender. If you already have chosen Watcom C 386/8.0, 
MASM and Phar Lap, Dorfman’s book gives a completed text 
mode menuing/windowing system with source code available 
on disk, o 
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Learning to Program in C - 
2nd Edition 

By Thomas Plum 

In addition to giving the basics of 
pointers and structures, Plum guides 
the reader through portable programs 
for the full spectrum of processors, 
micro, mini and mainframe. The book 
is a tutorial, rather than a reference, 
and is designed to provide 
information you need to become a 
competent programmer in a real 
software engineering environment. 

Plum Hall, 372pp. ISBN:0-911537-08-2 

Y81. $29.95 
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C Programming 
Guidelines, 2nd Edition 

By Thomas Plum 

C Programming Guidelines offers a 
style standard for C projects, including 
rules and suggestions for consistent 
and portable use of C. Arranged in 
"manual page" format, it covers 
variables, data types, operators, 
expressions, statements, functions, 
files, libraries and documentation. An 
appendix covers some differences 
among many existing compilers. Plum 
Hall also offers a simple source license 
for the machine readable contents of 
the book. 


Plum Hall, 211 pp. ISBN:0-911537-07-4 

Y82. $29.95 


Efficient 

C 



Thomas Plum 
Jim Brodie 


Efficient C 

By Thomas Plum and Jim Brodie 

This book tells you how to make 
programs small and fast It includes 
tables of CPU time and code space for 
C operators, control structures, and 
function calls. It discusses optimization 
techniques performed automatically hy 
several current compilers in various 
environments, as well as those 
techniques which can be effectively 
used by the programmer. It assists you 
in accurately estimating the resources 
your program will use without resorting 
to assembler listings. It also addresses 
techniques for translating other 
languages into efficient C. 

Plum Hall, 166 pp. ISBN:0-911537-05-8 

Y83. $29.95 


Mk 


Reliable Data Structures in C 

By Thomas Plum 

Plum demonstrates how to use the 
"power” of O-pointers, structures, and 
files—with accuracy and knowledge. 
These techniques are illustrated with 
complete case study programs for 
sorting, screen handling, menu 
interaction, simulation, and record file 
handling. Besides discussing the 
formal aspects of each data structure, 
general purpose C functions are 
presented. A system of explicit 
programming rules covers disciplined 
usages of C pointers and structures. 

Plum Hall, 262 pp. ISBN:0-911537-04-X 

Y85. $29.95 


□ Please send me a FREE catalog of all 
your programming titles. 

Name 

Address 


City_ 

Country_Zipcode 

□ Check □ VISA □ MasterCard 

Acct #_ 

Exp._Signature 


All payments must be in US dollars. 


□ Y81.$29.95 

□ Y82.$29.95 

□ Y83.$29.95 

□ Y85.$29.95 

Shipping.$ 3.50 


(Foreign orders add 45% for shipping) 


Send order to: 


Total $ 



bunk she If 


2601 Iowa Street 

Lawrence, KS 66046 

U.S.A. RT2 


For fastest service call 913 841-1631 TODAY 
or FAX 913 841-2624 































































New Products 

Industry-Related News & Announcements 


Phar Lap Supports DPMI 

Phar Lap Software has released a new, DPMI-compliant 
version of its 3861 DOS-Extender. DPMI (DOS Protected Mode 
Interface) is an industry standard developed by Microsoft, 
Intel, Phar Lap, and a variety of other vendors to allow 
protected-mode DOS applications to run under Windows and 
future certified DPMI multitasking environments. 3861 DOS-Ex¬ 
tender v4.0 allows multi-megabyte extended DOS applica¬ 
tions to run under Windows 3.0 enhanced mode. 

3861 DOS-Extender v4.0 supports the following standards: 
INT 15, VCPI, XMS, DPMI, and VDS. VCPI support allows ex¬ 
tended DOS applications to work with EMS emulators, such 
as QEMM, 386MAX, and DESQview, and with Windows run¬ 


ning in real mode. XMS support provides compatibility with 
DOS 5.0 and Windows standard mode. DPMI support means 
that developers can create a single 32-bit application that 
runs under DOS, Windows, and OS/2 v2.0. 

The 3861 DOS-Extender Software Development Kit v4.0 
costs $495. Current Phar Lap customers can upgrade for free 
from version 3.0 or for a fee from version 2.2d: $150 for 
3861 DOS-Extender SDK and $25 for 3861 VMM, Phar Lap's vir¬ 
tual memory add-in driver. For more information, contact 
Phar Lap Software, Inc., 60 Aberdeen Ave., Cambridge, MA 
02138, (617) 661-1510; FAX (617) 876-2972. 


BigWin Targets 32-Bit Windows Developers 


Rational Systems has announced BigWin, a 32-bit Win¬ 
dows application extender that allows programmers to 
develop and run 32-bit Windows enhanced-mode applica¬ 
tions. BigWin offers source code compatibility, compiler inde¬ 
pendence and a zero-based flat memory model. The flat 
memory model replaces the traditional 8086 segmented 
memory model, using 32-bit pointers to address all of 
memory. 

BigWin is designed to make converting a 16-bit applica¬ 
tion into a 32-bit application as easy as recompiling the 


CSL Adds 32-Bit Support 

CSL32 is a new release of CSL, the C Scientific program¬ 
ming Library. CSL32 is designed specifically for 32-bit com¬ 
pilers and DOS extenders. Versions are available to support 
either WATCOM C 386 version 8 or the Intel C Code Builder. 
With this new version of CSL and a compatible DOS extender, 
you can now build programs that include numerical solu¬ 
tions for extended DOS. Numerical applications can access all 
memory, including memory above one megabyte on 80386 
and 80486 machines. 

CSL provides solutions for eigensystems, matrices, com¬ 
plex and real variables, linear algebra, differential equations, 


source. The product also allows developers to link BigWin ap¬ 
plications with 16- or 32-bit dynamic link libraries (DLLs) and 
to use Rational's Instant-D debugger with the 32-bit code. Ac¬ 
cessing 16-bit DLLs is necessary in order to be able to call 
popular existing libraries. 

BigWin is available directly from Rational Systems and 
prices start at $5,000. For more information, contact Rational 
Systems, Inc., 220 No. Main St Natick, M A 01760 (508) 653- 
6006; FAX (508) 655-2753. 


quadrature, curve fitting and interpolation, regression, root 
finding, optimization, linear programming, statistics, finance, 
time series, Kalman filtering, random number generators, dif¬ 
ferentiation, graphics, and more. 

CSL costs $520 and registered users can upgrade for 
$185. Registered users with a service maintenance agree¬ 
ment can upgrade for a distribution fee of $55. For more in¬ 
formation, contact Eigenware Technologies, 13090 Lo 
vista, Saratoga, CA 95070, (800) 933-7774; FAX (408) 867- 
6575. 
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MetaWare Supports 32-Bit Windows Applications 


MetaWare has announced the MetaWare Windows Ap¬ 
plication Development Kit (ADK) for creating 32-bit Windows 
applications. The MetaWare Windows ADK will allow 
developers to create, debug and run true 32-bit Windows ap¬ 
plications using the MetaWare High C locally or globally op¬ 
timizing compilers. The ADK will also support MetaWare's full 
32-bit runtime library. Applications that have been 
developed for 16-bit Windows can be ported with minimal 
changes, allowing developers to take advantage of 32-bit 
protected memory without the use of a DOS extender. 

The MetaWare Windows ADK costs $795 with an intro¬ 
ductory fee of $495, and is currently scheduled for release in 

October. The package requires the Microsoft Windows SDK 
and a MetaWare locally or globally optimizing compiler. Tech¬ 
nical support is included in the purchase price. For more in¬ 
formation, contact MetaWare, Inc., 2161 Delaware 

Avenue, Santa Cruz, CA 95060-5706, (408) 429-6382; FAX 
(408) 429-9273. 


XVT Goes Interactive 



XVT Software Inc has released XVT-Design, an interac¬ 
tive design tool and application generator for graphical user 
interfaces (GUIs). With XVT-Design, developers can design 

GUI resources, such as dialog boxes, windows, controls, 
menus and strings, in both a graphical and portable manner. 
XVT-Design can generate native resources for the environ¬ 
ments that XVT supports. It also generates C code for the 
application's user interface, C header files, a makefile, as well 
as URL, the Universal Resource language, used by the XVT 
libraries. 

XVT (the extensible Virtual Toolkit) is a software library 
that provides a common programming interface for different 

GUI platforms. XVT makes it possible to write graphical ap¬ 
plications that are portable across the most popular window 
systems, including OSF/Motif and OPEN LOOK for the X Win¬ 
dow System, Macintosh, Microsoft Windows, Presentation 

Manager for both OS/2 and CTOS, and XVT's own character- 
based window manager. 

XVT-Design is written entirely in XVT and is available on 
all XVT platforms. XVT-Design ranges in price from $900 to 
$2,500, depending on the platform. Source code is available. 

For more information, contact XVT Software Inc., P.O. Box 

18750, Boulder, CO 80308, (303) 443-4223. 


Head Fix Repairs Databases 



HICLO Software has released Head Fix, an automated pro¬ 
gram to restore headers and memo file pointers in X-Base 
database files, including Clipper Extended, dBase IV, and Fox¬ 
Pro. Head Fix repairs two to three files per second, works 
with files up to two gigabytes, and runs on networks sup¬ 
porting standard DOS interrupts. It cannot fix headers with 
missing field names, field types, or field lengths. The pro¬ 
gram is self-documenting, sending the help text either to a 
printer or a disk file. 

Head Fix flags invalid field name characters, along with 

Date, Memo, and Logical fields with incorrect lengths, and 
numerical fields with an invalid number of decimal places. It 

corrects lowercase field names, resets the record counter, 
header length, record length, field offsets, end-of-file marker, 
and the next block pointer in memo files. At termination, 

Head Fix displays the DOS ERRORLEVEL code along with the 
number of good, bad, and fixed files. 

In cases beyond Head Fix's capabilities, QuickFix-2 
replaces headers, corrects offsets, and replaces bad bytes. 

Head Fix and QuickFix-2 each cost $49.95; you can buy the 
two together for $79.95 plus $5 shipping and handling. For 
more information, contact HILCO Software, 11266 Barnett 

Valley Road, Sebastopol, CA 95472-9555, (707) 829-5011. 


Genus Adds Special Effects 



Genus Microprogramming is adding GX Effects to their 

GX Development Series. GX Effects allows developers to 
fade, wipe, roll, randomize, slide, spiral, and explode their 
graphic images for attention-getting special effects. GX Ef¬ 
fects can display full and partial screen images and dissolve 
any number of images at any pixel location on the display. 

The package also offers new animation and sprite 
capabilities as well as a new optimized transparent put func¬ 
tion. In addition to more than 50 image dissolve effects, GX 
Effects also includes palette cycle and palette fade functions 
for palette effects. 

Besides visual effects, GX Effects provides a music defini¬ 
tion language along with a SoundBlaster voice file interface 

that allows developers to add sound effects to their 
programs. For example, a program can play music in the 
background while animating the display. GX Effects supports 
all display modes of the Hercules, CGA, EGA, VGA and Super 

VGA display adapters. The package includes compiler inter¬ 
aces for C, Pascal, BASIC, FORTRAN, assembly language, and 

Clipper. 

GX Effects requires DOS 2.1 or later (3.0 or above for disk- 
based memory support) and costs $199. Source code costs 
an additional $200. For more information, contact Genus 
Microprogramming 11315 Meadow Lake Houston, TX 

77077, (800) 227-091 8; FAX (713) 870-0288. 
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TSX Supports LANs/WANs 

S&H Computer Systems has released TSX-32 v3.1, which 
introduces TSX-Net peer-to-peer networking services using 
TCP/iP over Ethernet or async links. With TSX-Net, an un¬ 
limited number of multi-user or single-user PCs running the 
TSX-32 multi-tasking operating system can share resources 
over an Ethernet network. This version of TSX-32 is com¬ 
patible with more interfaces and devices and features an 
automated installation facility. 

Every TSX-Net node can act as a file or communications 
server for any other node in the network and serve as a 
remote host for other users on the network and, at the 
same time, support one or more users. TSX-Net supports a 


Berkeley SOCKET API and TCP/IP in order to interoperate with 
heterogenous systems. Users can control the amount of dis¬ 
tributed processing and fault tolerence. Since TSX-Net can 
operate over high-speed Ethernet links and serial lines, you 
can use it to build LANs or WANs. 

TSX-32 license fees range from $450 to $1450 for multi¬ 
user and single-user multi-tasking versions. Adding TSX-Net 
to a TSX-32 system costs from $100 to $200. A TSX-Net LAN 
with up to 128 single-user, multi-tasking workstations costs 
$2500. For more information, contact S&H Computer Sys¬ 
tems, Inc., 102717th Ave. South, Nashville, TN 37212, 
(615) 327-3670; FAX (615) 321-5929. 


Scientific Endeavors Updates Graphic 

Graphic is a set of graphics tools for scientists and en¬ 
gineers. This version uses a new algorithm for contour plot¬ 
ting and now supports polar and trangular contour plots. 

You can now shade the regions between contours with 140 
colors and 15 different patterns. The 23 high-resolution 
Graphic fonts have been extended to contain 167 characters 
each. Graphic can now clip multiple sets of rectangular 
areas, to reserve them for legends or labels. This version also 
contains more post-processing capabilities. A cross-hair 
mode allows you to read out points from linear, log, or polar 
plots. Plots can be annotated using PostScript text strings 


and lines can be drawn. You can reopen a finished plot and 
add more material. 

Graphic is licensed for personal use only and royalty 
agreements and internal site licenses are available. Graphic 
6.0 costs $465 and GraphiC-286 costs $495. The Graphic font 
editor has also been rewritten and costs $35 when pur¬ 
chased with Graphic. Owners of Graphic 5.x can upgrade to 
Graphic 6.0 for $150 or to GraphiC-286 for $180. For more in¬ 
formation, contact Scientific Endeavors Corporation, 508 
North Kentucky Street, Kingston, TN 37763, (615) 376 
4146; FAX (615) 376-1571.. 


RTPatch Reduces Software Update Sizes 

Pocket Soft is now shipping .RTPatch, a program 
developers can use to update any type of software file, in¬ 
cluding executable, database, text, spreadsheet and rate 
files. .RTPatch consists of two programs: PATCFIBLD creates a 
patch file containing only the differences between two file 
versions and PATCH applies the patch file to a previous ver¬ 
sion of the designated Files. Software developers creating 
software upgrades use PATCHBLD to create patch files that 
typically require much less space than redelivering the en¬ 
tire product. Customers can then use PATCH to apply the 
patch files to the existing version of the product, producing 
the upgraded version in less time and with fewer floppies. 

PATCHBLD automatically verifies that the generated 
patch files are correct by applying the patches to produce a 


temporary copy of the new file versions and then perform¬ 
ing a byte-by-byte comparison with the original copy of the 
new version. PATCHBLD also compresses the patch files to 
maximize the space savings. The program allows the 
developer to specify parts of a file that should not be af¬ 
fected by the patch, such as disk serial numbers or areas 
containing data that the end user already customized. Since 
the patch files are useless to anyone who does not own a pre¬ 
vious version of the product, developers can safely distribute 
upgrades on bulletin board systems or via electronic mail. 

.RTPatch costs $495 but is available for a limited time for 
$295. For more information, contact Pocket Soft, Inc., P.O. 
Box 821049, Houston, TX 77282, (713) 460-5600; FAX 
(713) 460-2651. 


ImageMan DLL Handles Graphics Files 

ImageMan is an object-oriented Windows library that al¬ 
lows developers to add image display and print capabilities 
to their Windows applications. A single set of function calls 
provides access to TIFF, PCX, Encapsulated Postscript (EPS), 
Windows Metafile and Bitmap image formats. ImageMan is 
supplied as a Windows DLL, so it is accessible from C, C++, 
Turbo Pascal for Windows, Visual Basic, Smalltalk/V, Actor, 
and any other language that supports DLLs. 


ImageMan supports unlimited image sizes, an unlimited 
number of open images, and 24-bit color. ImageMan costs 
$395 or $995 with source code (C and assembly language). 
For more information, contact Data Techniques, Inc., 1000 
Business Center Drive, Suite 120, Savanna, GA 31405, (912) 
651-8003; FAX (912) 651-8021. 


Page 74 — TECH Specialist 


October 1991 







EZ-INSTALL v4.0 Handles Windows .INI Files 


The Software Factory, Inc, has announced a new version 
of EZ-INSTALL EZ-INSTALL is a toolkit designed to help 
programmers simplify the installation process of their ap¬ 
plications. EZ-lnstall generates complete installation routines, 
eliminating the need to create and maintain custom installa¬ 
tion software for your product 

EZ-INSTALL v4.0 adds the ability to automate the 
modification and updating of Windows initialization (.INI) files 
just as previous versions handled CONFIG.SYS and 
AUTOEXEC.BAT. This version also automates group file instal¬ 


ReNamer Makes Global Changes 

ReNamer is a new DOS tool for renaming files and program 
symbols. ReNamer understands the symbol naming and syn¬ 
tax of many programming languages and processes ASCII and 
documentation files as well. ReNamer applies naming chan¬ 
ges uniformly across all specified software files. The converted 
files can then be recompiled on the new platform. 

ReNamer can be used to clean up naming conventions, 
shorten names to meet compiler restrictions in other en¬ 
vironments, or change names as part of internationalization. 


lation, allowing the end user to select from several groups of 
files to install. Another new feature allows the developer to 
detect the presence of a network on the installation com¬ 
puter and take appropriate action. 

EZ-INSTALL v4.0 costs $249, but is available for $199 for a 
limited time. The OS/2 version costs $349 and you can pur¬ 
chase both the DOS and OS/2 versions together for $449. For 
more information, contact Brad Whitlock at Software Fac¬ 
tory, Inc, 17610 Midway Rd., Suite 134-222, Dallas, TX 
75287, (214) 490-083 5; FAX (214) 306-4552. 


ReNamer supports applications which contain one or any 
combination of: BASIC, batch files, C, C++, COBOL, FORTRAN, 
Macro Assembler, Oracle, Pascal, PL/I, REXX and embedded SQL 
The ReNamer package is available from ConVal Software 
and costs $40.00 plus $2.00 shipping and handling. Shipping 
and handling outside of the U.S. costs $10.00. For more infor¬ 
mation, contact ConVal Software, Inc., 11607 E Butter 
Creek Rd., Moorpark, CA 93021, (805) 529-6847. 
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ABC Releases Editor And Interface Libraries 


Automated Business Consultants, Inc, has announced 
two new libraries for C programmers. The C Editor allows 
developers to include a complete word processor in their ap¬ 
plications. The library supports multiple windows, text jus¬ 
tification, search and replace, cut and paste, boldface, 
underlining, spelling checking, printing, and can edit Files of 
any size. 


Menu+ is a user interface library with window functions, 
window status tracking, pulldown bars, popup button 
menus, data entry functions, file and directory browsers, 
pick lists, and more. The C Editor and Menu+ together cost 
$325, or you can purchase Menu+ separately for $ 150. For 
more information, contact Automated Business Consult¬ 
ants, P.O. Box 5642, Evansville, IN 47715, (812) 477-6482. 


VZ Releases VZ Programmer v2.0 

VZ CORP has released VZ Programmer v2.0, an integrated 
applications development package for Windows and PM. VZ 
Programmer provides an alternative to writing class libraries 
by enabling developers to create applications by graphically 
building software components. The GUI construction toolkit 
contains a number of predefined classes that allow users to 


SLR Updates OPTLINK/Compress 

OPTLINK/Compress is a DOS linker that provides com¬ 
pressed, single-level overlays. OPTLINK/Compress produces a 
compressed .EXE that is up to 50 percent smaller than the 
normal size. The compressed .EXE contains decompression 
code that dynamically expands the program back to its 
original form when executed. OPTLINK Compress v3.0 can 
now handle indirect calls, up to 8192 overlays, EMS/XMS 
caching, overlays to a separate file, calls from overlay to 


Cross-Disassembler Supports 8096/80196 

LOGISOFT has announced Professional Analytic 
8096/80196 Cross-Disassembler. This cross-disassembler al¬ 
lows engineers to decode and analyze 8096/80196 programs 
from a PC. LOGISOFT disassemblers feature automatic lable 
generation, to produce meaningful code listings. A command- 
oriented executive provide file and memory manipulation 
and relocation registers to handle multi-module programs. 

The program also allows flexible symbol manipulation. 


literally draw their entire application interface. VZ Program¬ 
mer applications can run on either DOS Windows or OS/2 PM. 

VZ Programmer v2.0 costs $595 for Windows and $995 
for OS/2 PM. For more information, contact John Barraclough 
at VZ CORP, 57 West South Temple Street, Salt Lage City, 
UT 84101, (801) 595-1352. 


overlay, root and overlay compression, large and small 
model overlays, and automatic allocation of libraries. 

OPTLINK/Compress v3.0 costs $350. Registered 
OPTLINK/Compress users who purchased OPTLINK/Compress 
2.50 on or before January 23,1991 can upgrade for $75. 

Users who purchased after that date will receive a free 
upgrade. For more information, contact Lisa Murtland at SLR 
Systems, 1622 N. Main Street, Bu tier, PA 16001, (412) 282- 
0864; FAX (412) 282-7965. 


LOGISOFT also sells cross-disassemblers for 8051, 8048, 
8080/85, SPARC, 68000, 6800, 6805, 6809, 68HC11, 

6502/65C02, Z80/180, 9900, and other compatible 
manufacturer's families of microprocessors and 
microcontrollers. The Professional Analytic 8096/80196 Cross- 
Disassembler costs $475. For more information, contact 
LOGISOFT, P.O. Box 61929, Sunnyvale, CA 94086, (408) 773- 
8465; FAX (408) 773-8466. 
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Frequently-Asked 
Windows Questions 


Tom Haapanen 



when Microsoft Windows 3.0 was introduced in May of '90, the Internet 
newsgroup for Windows, comp.windows.ms, quickly began to overflow with both 
technical and non-technical discussions. As the situation got worse, I initiated the 
process for creating a new subgroup, comp.windows.ms.programmer, for Windows 
developers and programmers. The volume continued to grow, though, so in October 
of '90 1 decided that it was time to create a pair of FAQ (Frequently Asked Questions) 
articles that would cover the most common topics and be a quick reference for 
many people. 

I post the FAQ articles to the Usenet newsgroups and the BITNET WIN3-L twice a 
month. This article is an expanded and enhanced version of the comp, win¬ 
dows.ms. programmer version of the FAQ. 1 would like to express my thanks to all the 
participants of the Usenet newsgroups who have contributed to the FAQ postings, 
and thus also to this article. 

Since many questions relate to what products are available and what products 
work with Windows, this article contains some product information. Although ac¬ 
curate at the time it was written, Windows products are constantly being enhanced 
and new ones are being introduced, so some of this information will quite likely be 
out of date by the time you read this. The product list is by no means complete, but 
is a representative sample of what is available. 

Windows Memory Management 

With Windows 2.x, the application was always running in the same environment; 
the processor was always running either in real mode, or in virtual 8086 mode in 
Windows/386. With Windows 3.0, however, there are a wide range of possibilities for 
memory management. The Real mode is basic-ally a relic from the past, but there is 
also a Standard mode and a 386 Enhanced mode, both of which run in a protected- 
mode environment. Alas, unlike Unix or OS/2, all the Windows applications run at the 
supervisor level, and thus are not protected from each other. 


Tom Haapanen is a software engineer at Waterloo Engineering Software, a small 
company specializing in engineering-oriented applications for PC-based systems. He 
has previously worked on a variety of software projects ranging from compilers to 
advertising reservation systems. He can be reached through the Internet as 
tom@mims-iris.waterloo.edu, or by mail at Waterloo Engineering Software, 22 
Dupont St E., Waterloo, Ont, Canada, N2M 5L8. 
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In early 1990, VCPI (Virtual Control Program Interface), was the de facto standard 
for DOS extender memory management. However, when Microsoft moved Windows 
to protected mode, it decided that the level of security and robustness provided by 
VCPI was unacceptable for multitasking. Thus, Microsoft and Intel jointly developed a 
new specification, the DOS Protected Mode Interface (DPMI). The latest specification, 
version 1.0, is available free of charge from Intel, but Windows uses version 0.9, the 
version in effect when Microsoft released Windows 3.0. 

Windows uses DPMI indirectly, via HIMEM.SYS. HIMEM.SYS allocates memory using 
the DPMI mechanism and then gives it out to other applications using XMS (e- 
Xtended Memory System), a method first pioneered by Quarterdeck in QEMM. Once 
HIMEM.SYS receives its first memory allocation request, it grabs all the available DPMI 
memory for future XMS reallocation. Thus, utilities such as Norton SI will report OK 
extended memory available as soon as you first use SmartDrive or start Windows. 

Unfortunately, the move to DPMI and XMS also made Windows (and worse yet, 
the entire system once HIMEM.SYS has been accessed) incompatible with existing 
protected-mode applications (such as AutoCAD and Lotus 1-2-3 3.0). You can over¬ 
come this by using a specialized memory manager such as QEMM-386 or 386Max. 

The 386 Enhanced mode provides, in addition to pre-emptive multitasking of DOS 
applications, virtual memory management. The user can configure a permanent 
swapfile (a‘ la UNIX), or the system will automatically swap to a temporary one. 

Free System Resources 

Free system resources are things such as window handles and global memory 
block handles. You can’t increase them by just adding more memory; the only real 
solution is to close some applications if you are running low. This restriction is due 
to Windows' use of a single, global 64Kb segment to store this information; Windows 
3.1 is reputed to have higher limits, and a later version will do away with the limits 
altogether. 

Traditional Development Tools 

Traditional third-generation programming languages (such as C, Pascal, BASIC and 
Modula-2) are the most common method of developing Windows applications, with 
C the clearly dominant language. As a result, most Windows development books and 
articles deal with the use of C, and you will need to convert the examples to the 
language of your choice. 

Most 3GL languages require the purchase of the Microsoft Windows Software 
Development Kit (SDK). The SDK contains the necessary libraries, development tools 
and documentation to develop a Windows application. The only thing that the SDK is 
not sufficient for is device driver development; for this, you also need the Device 
Driver Kit (DDK). Some of the development languages do not require the SDK, either 
because the libraries are included (Zortech C++, Borland C++) or because the language 
is so tightly integrated with Windows that a SDK is not used (Visual Basic). You can 
buy Microsoft C bundled with the SDK. If you plan to use a non-Microsoft compiler, 
call Microsoft Technical Support to obtain the free Supplemental Compiler Utilities disk. 

Be aware that in addition to the libraries, the SDK also contains a set of manuals, 
which can be purchased separately, several debugging tools, and the Windows 
debugging kernel, which is only available with the SDK. I can not overemphasize the 
importance of testing commercial applications with the debugging kernel prior to 
release: it will catch a number of errors that may appear to run just fine with the 
standard Windows kernel. 

Windows Language Products 

Here is a list of language products that programmers on the Internet have used 
successfully with Windows: 

• Assembler: Microsoft Macro Assembler, Turbo Assembler 

• BASIC: Realizer, Visual BASIC, ZBASIC 

• C: Microsoft C, QuickC, Topspeed C, Watcom C, Watcom C/386 

• C++: Borland C++, Glockenspiel C++, Topspeed C++, Zortech C++ 
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Table 1 


Offset 

Description 

ooh 

Largest available free block in bytes 

04h 

Maximum unlocked page allocation 

08h 

Maximum locked page allocation 

OCh 

Linear address space size in pages 

lOh 

Total number of unlocked pages 

14h 

Number of free pages 

18h 

Total number of physical pages 

iCh 

Free linear address space in pages 

20h 

Size of paging file/partition in pages 

24h 

Reserved 

Buffer Returned by DPMI Function 0500h 


• COBOL: MicroFocus COBOL, Microsoft COBOL 

• FORTRAN: Microsoft FORTRAN, Watcom FORTRAN, Watcom 
FORTRAN/386 

• Modula-2: Stonybrook Modula-2, Topspeed Modula-2 

• Pascal: Microsoft Pascal, Topspeed Pascal, Turbo Pascal for 
Windows 

Note that Borland C++ and Zortech C++ each contain two com¬ 
plete languages: C and C++. Borland C++ currently cannot 
generate Windows applications that run in Real mode. 

A number of vendors sell application generators and user 
interface builders as well, most of which generate C code for 
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Microsoft or Borland compilers. These include W:CASE, 
WindowsMAKER, VZ Programmer, Winpro/3 and ProtoGen. 
Windows C++ class libraries include Commonview, C++/Views, 
Tier++ and Blaise++. XVT++ requires the use of the XVT port¬ 
able libraries, while Blaise++ is a version of Tier++ intended 
specifically for the Borland C++ compiler. 

Integrated Environments 

Windows is well suited for integrated development en¬ 
vironments, and this shows in the number of available 
choices. The following paragraphs present some of the more 
significant choices, but a number of other products are also 
available. Visual Basic, and to a lesser extent, Turbo Pascal for 
Windows, covered in the previous section, can also be clas¬ 
sified as integrated packages. 

The grandfather of the integrated Windows packages is 
Actor from the Whitewater Group. Actor is an object-oriented 
programming (OOP) environment providing a rich set of classes 
for developing Windows applications. Although the finished 
program is usually slow compared to an application developed 
with C and SDK, Actor is a speed demon compared to Tool¬ 
Book. There are no runtime fees, but resource tools are not 
included in some of the Actor packages. 

Although not as mature in the Windows environment as 
Actor, Smalltalk is one of the oldest integrated OOP environ¬ 
ments. There are two implementations: Objectworks\Smalltalk 
and Digitalk Smalltalk/V. Both offer a high degree of portability 
to other windowing environments, but at widely varying cost. 

Borland's ObjectVision is a new class of application, but can 
be described as a visual spreadsheet. While it allows for easy 
creation of a structured data entry application, it lacks a pro¬ 
cedural programming language. ObjectVision allows non¬ 
programmers to build intelligent data entry forms that 
operate on existing databases. An extra-cost runtime package 
allows unlimited runtime distribution. 

Asymetrix's ToolBook first appeared in the free DateBook 
demonstration, included with early copies of Windows 3.0. it 
provides an environment similar in concept, but different in 
implementation, to the Macintosh HyperCard. A utility is avail¬ 
able to convert HyperCard stacks into ToolBook books, and a 
separate kit allows runtime distribution. Alternatively, Spin¬ 
naker Software’s PLUS is a true HyperCard workalike product. 

Linking For Windows 

The single most common problem novice Windows 
programmers run into is linking. Although installing the SDK 
creates the correct libraries, it does not ensure that the cor¬ 
rect linker is being used. The standard Microsoft linker (Overlay 
Linker 3.65), cannot link a Windows application, and will 
produce reams of errors complaining of missing functions. 

The two options are to use LINK4, which came with the 
Windows 2.x SDK, or to use the bound linker (Segmented-Ex- 
ecutable Linker 5.11) included with Microsoft C and other com¬ 
pilers. The bound linker, intended for Windows and OS/2 
development, is also available separately with the Supplemen¬ 
tal Compiler Utilities diskette. Other linkers that work for Win¬ 
dows development are Optilink/Windows, Borland’s TLink and 
Watcom’s WLink. 
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The segmented-executable linker is relatively slow, espe¬ 
cially for large applications containing numerous source files, 
while OptiLink is much faster, more speed can be extracted 
even from the standard linker by either linking without a 
symbol table, or by compiling only selected modules with the 
debugging options (symbol table and line numbers) turned on. 

Debugging In Windows 

If you use an integrated development package, you are 
limited to (and provided with) a dedicated debugging system 
built into it. However, if the tool of your choice is a conven¬ 
tional programming language such as C or C++, you have 
several choices. 

In real mode, you are limited to SYMDEB, which is rather 
basic. However, since developing in real mode is not recom¬ 
mended (as it won’t catch errant pointers and other 
problems), and because real mode development is too painful¬ 
ly slow to contemplate, the lack of a good debugger is not 
much of a problem. 

In standard mode, you can use SYMDEB or CodeView for 
Windows (CVW), which are both included with the Windows 
SDK, or you can buy Logitech's Multiscope (list price: $500). 
The CVW included with the SDK requires a secondary monitor, 
as it does not work with a serial terminal. Microsoft C 6.0ax 
includes a single-monitor version, CVW V3.05. That version of 
CVW is also available separately from Microsoft, and provides 
screen swapping to switch between the Windows display and 
the debugger. MultiScope is a separate product that provides 
an extensive windowed interface for all Windows modes. 
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MultiScope also supports several remote debugging options (a 
second monitor, over the serial port, or over a network). 

Watcom compilers include their own WVideoW debugger 
that utilizes a second monitor. You can use Borland's Turbo 
Debugger for Windows (TDW) with either a second monitor, or 
on a single screen. However, in the latter case, TDW requires 
you to use the standard VGA display driven it will not work 
with EGA or SVGA displays. 

If you develop in 386 enhanced mode, you have an addi¬ 
tional option of using wdeb386, which provides some further 
debugging features over CVW, at the expense of an anti¬ 
quated user interface. wdeb386, which is included with the 
SDK, will work either with a secondary monitor or a serial 
terminal. 

Creating Help Files 

To create the hypertext help files for the Windows help 
engine, you need to create the templates in the Rich Text 
Format (RTF), and with specific control codes. Once you create 
the RTF files, you use he, the help compiler, to compile them 
into .HLP files, he comes with the SDK and a number of other 
development products, including Borland C++. 

A growing number of word processors can create RTF files. 
While most developers use Microsoft Word for Windows, the 
following word processors all claim to have at least some 
level of support for RTF: 

• Ami Professional 

• JustWrite 

• Microsoft Word for DOS 
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• Microsoft Word for Windows 

• Microsoft Works 

• Professional Write Plus 

• Word for DOS 

• Word for Windows 

In addition to RTF, the word processor must also support 
“hidden text” to fully utilize the help compiler. Several word 
processors on Macintosh and NeXT systems also support RTF. 

Shareware help creation tools also exist txt2rtf and Xan- 
tippe, and a set of shareware WordPerfect macros for creating 
RTF files. Additionally, the Word for Windows Working Model 
can produce fully functional but size-limited RTF files. 

User Interface Intricacies 

Q: Flow can I hide dialog box controls? 

A: You have to disable the control, hide it, and then update 
the dialog box window: 


Listing 1 

/* 

* MyYield(): process any pending 

* messages to the application, 

* and return when none in the queue 
*/ 

void MyYieldO 
{ 

MSG msg; 

while ( PeekMessagef &msg, NULL, 

NULL, NULL, PM_REM0VE ) ) ( 
if ( TranslateAcceleratorf 

hMainWnd, hAccTable, &msg) ) 
continue; 

TranslateMessagef &msg ); 
DispatchMessagef &msg ); 

} 

} 

/* End of File */ 


Table 2 

VGAPAL 

SYSPAL 

00 

00 

01 

01 

02 

02 

03 

03 

04 

04 

05 

05 

06 

06 

07 

12 

08 

07 

09 

13 

10 

14 

11 

15 

12 

16 

13 

17 

14 

18 

15 

19 

The Windows System Palette to VGA Palette Mapping 


EnableWindow(GetDlgItem( 
hDlg,IDD_CONTROLTOHIDE), 

FALSE); 

ShowWindow(GetDlgItem(hDlg, 

IDD_C0NTR0LT0HIDE), 

SWHIDE); 

UpdateWindow(GetDlgItem(hDlg, 

IDD_C0NTR0LT0HIDE)); 

Q: How can I add pushbuttons and edit controls to a “nor¬ 
mal” window that is not a dialog box? 

A: You can do this by simply .calling CreateUindow() with 
one of the pre-defined child window control class names (see 
table 4.2 in the SDK reference manual). 

Q: How do I change the pushbutton colors? 

A: In Windows 3.0, the button face is defined by two 
colors. The grey (white if using an EGA or CGA display driver) 
face and a dark grey (gray for CGA/EGA) shadow. The colors 
also change when the button goes from a normal to pushed- 
in state. The UM_CTLC0L0R message only allows you to change 
one color at a time so it isn't clear to which of the button face 
colors this message should apply. (Windows 2.x button faces 
had only one color so it made sense.) 

It might have been possible to use the background color 
for the button face and the foreground color for the button 
shadow, and then some XOR operation for the text, but this 
would not have been consistent with the Windows 2.x be¬ 
haviour. Hence, at least for now, we are stuck with pushbut¬ 
tons with fixed colors. The only way to change the colors is to 
specify ButtonColor=, ButtonShadow= and ButtonText= in 
the [Colors] section of your WIN.INI file. 

Q: Why does the SDK Guide to Programming say that I 
should not subclass standard edit controls? 

A: The reason Microsoft advises against subclassing stand¬ 
ard controls is that their implementation is version-dependent, 
and your subclassing code may break in a future version of 
Windows. If you are willing to take that chance, though, you 
can subclass them by having your own window procedure 
handle the messages for the windows you create. What is 
definitely a bad idea is superclassing a standard control by 
calling SetClassLongO to change the window procedure for 
all such windows, as this will affect all edit controls in all ap¬ 
plications currently running in the Windows session, not just 
your application. 

Q: How do I align columns in a listbox? The proportional 
system font causes the columns to be badly misaligned. 
Should I switch to a fixed font? 

A: in the resource file make sure the listbox has the 
LBSJJSETABSTOPS style. When you add the items to the 
listbox, separate the fields with tabs. You can either use the 
default tab stops, or, preferably, set your own by sending the 
listbox the LB_SETTABSTOPS message when initializing the 
dialog. Using a fixed font for listboxes makes your application 
look inconsistent and out-of-date. For more information, see 
SDK Reference vol.1, page 6-44, and SDK Reference vol.2, page 
8-43. 

Q: Should I just use GetStockObject(GCU_WHITEBRUSH) for 
my window backgrounds? 
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A: Not unless you insist on a white background. It is 
preferable to use the Control Panel-defined window back¬ 
ground color instead: 

WinClass.hbrBackground 
= C0L0R_WIND0W + 1; 

Q: How can I force a window to stay iconic? How can I 
make it non-resizable? 

A: In order to make your application always remain an 
icon, you must process the m_QUERYOPEN message. If your 
window procedure always returns zero for this message, you 
indicate to windows that the icon cannot be opened into an 
ordinary window. 

To retain a fixed size, you must process the UM_GETMIN- 
MAX INFO message. When you get it, modify the information 
pointed to by l Pa raw-. 

LPPOINT IpSize = (LPPOINT)1Param; 
lpSize[3].x = theRightWidth; 
lpSize[4].x = theRightWidth; 
lpSize[3].y = theRightHeight; 

1pSize[4].y = theRightHeight; 

If you don't want the window to be maximized or iconized, 
create it with the ~US_MAXIMIZEBOX or ~WS_MINIMIZEBOX 
styles (or both), and disable those items from the system 
menu, if you have one. Also, you can disable resizing by creat¬ 


ing the windows with ~US_THICKFRAME, and again disabling 
the “Size..." item on the system menu. 

To Build An Application 

Q: Should I use emulator or alternate floating-point math? 

A: The alternate math package is faster on non-coproces¬ 
sor-equipped machines, but slower on those equipped with a 
math chip. Depending on your application, you might want to 
ship either one, or both. Borland C++ and a number of other 
languages do not support the alternate math package. 

Q: Why should I not use large model in my Windows ap¬ 
plication? Can I do it anyway? 

A: Yes, you can do it. There are several problems with 
using large model, though: 

1. Your program's data memory will be fixed in real mode. 
Effectively, your application will cripple any real-mode 
Windows system. If you do not expect to run in real mode 
anyway, this may not matter to you. 

2. You will only be able to have one instance of your 
application active at any one time. 

3. Your application will run more slowly. 

You should consider very carefully before you decide that 
large model is the only way to go; the preferred method is to 
use medium model, and to allocate far data as required. 

Another alternative for large applications is to use Watcom 
C/386 or Zortech C++/386 for development; these will let you 
use a single 4GB segment, and 32-bit registers, increasing your 
applications performace substantially (but limiting it to running 
in 386 enhanced mode). Also, the applications will still need to 
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Listing 2 

/* 

* From netlib archives: netlib@ornl.gov 
*/ 

#include <stdio.h> 

#include <math.h> 

/* 

* Hue conversion table 

* 

* Computed from the FMC-1 color difference formula, Barco monitor 

* max(r,g,b)=l, n=61 magenta, 2 Jan 1986 
*/ 

double huettab[61] = { 


0 . 0000 , 

0.0062, 

0.0130, 0.0202, 0.0280 

0.0365, 0.0457, 

0.0559, 0.0671, 0.0796 

0.0936, 

0.1095, 

0.1275, 0.1482, 0.1806 

0.2113, 

0.2393, 

0.2652, 0.2892, 0.3119 

0.3333, 

0.3556, 

0.3815, 0.4129, 0.4526 

0.5060, 

0.5296, 

0.5501, 0.5679, 0.5834 

0.5970, 

0.6088, 

0.6191, 0.6281, 0.6361 

0.6430, 

0.6490, 

0.6544, 0.6590, 0.6631 

0.6667, 

0.6713, 

0.6763, 0.6815, 0.6873 

0.6937, 

0.7009, 

0.7092, 0.7190, 0.7308 

0.7452, 

0.7631, 

0.7856, 0.8142, 0.8621 

0.9029, 

0.9344, 

0.9580, 0.9755, 0.9889 


1.0000 

}; 


/* 

* This routine computes colors suitable for use in color level plots. 

* Typically s=v-l and h varies from 0 (red) to 1 (blue) in 

* equally spaced steps. (h=.5 gives green; l<h<1.5 gives magenta.) 

* To convert for frame buffer, use R » floor(255.999*pow(*r,1/gamma)) 

* etc. 

*/ 

double 

rainbow( double h, double s, double v, 
double *r, double *g, double *b ) { 

int i; 

double modf(double, *double); 
double trash; 

h = 60*modf( h / 1.5, &trash ); 
i = floor( h ); 

h = huettab[i] + ( huettab[i+l] - huettab[i] ) * ( h - i ); 
hsv2rgb( h, s, v, r, g, b ); 

) 

/* 

* This routine does the actual conversion. 

* Here, h=.667 gives blue, h=0 or 1 gives red. 

* See Alvy Ray Smith, Color Gamut Transform Pairs, SIGGRAPH '78 
*/ 

void 

hsv2rgb( double h, double s, double v, 
double *r, double *g, double *b ) { 

int i; 

double f, m, n, k; 

double modf(double, *double); 

double trash; 

h = 6*modf(h,&trash); 
i = floor(h); 
f = h-i; 
m = (1-s); 
n = (l-s*f); 
k = (1-(s*(l-f))); 


switch - automatically - into 16-bit 
mode to make Windows API calls (and 
into real mode for BIOS and DOS calls). 
Note, however, that although using a 
32-bit compiler eliminates the speed 
problem, the application will still be 
restricted to a single instance. 

Q: How do I determine how much 
physical memory is installed, in order 
not to cause swapping in 386 Enhanced 
mode? 

You need to make a DPMI call to ob¬ 
tain that piece of information. To call a 
DPMI function, invoke the interrupt 31h ; 
on return, the carry bit will be clear if 
the call was successful. DPMI call 0500h, 
with ES:DI pointing to a 30h byte buff¬ 
er (see Table 1) returns the “Free 
Memory Information". You can deter¬ 
mine the size of one page in bytes with 
DPMI function 0604h, which returns the 
page size in bytes in BX:CX. 

The complete DPMI 1.0 specification 
is available free from Intel Literature 
JP26, Santa Clara. It’s also available for 
ftp access on cica.cica.indiana.edu 
on the Internet. 

Q: What is the correct procedure for 
linking fonts into a .FON file? 

A: The linker provided with the Win¬ 
dows 3.0 SDK produces the following 
error when linking fonts: 

Link Error L2049 no segments 
defined 

This is a bug in link. The fix is to run 
exehdr /r on the .EXE file, and then 
run rc on it. The SDK linker incorrectly 
detects an error, and marks the result¬ 
ing .EXE file with an error bit, even 
though the the .EXE file is actually OK. 
Exehdr /r resets this error bit, after 
which rc will work just fine. An alter¬ 
nate solution is to use Iink4 from Win¬ 
dows 2.x SDK. 

Q: How can I allocate global memory 
that is owned by a DLL? 

A: Normally, if you use Global- 
Alloc() in a DLL, the application that 
called the DLL will own the object. 
There is a way around this, though: al¬ 
locate the memory using the 
GMEM_DDESHARE flag; this will make the 
allocating code segment (rather than 
the current task) own the memory. 

Q: My application is very CPU-inten¬ 
sive. Should I use Yield() to allow 
other applications to run in the back¬ 
ground? 
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Listing 2 — Cont’d 

switch(i){ 


case 0: *r=l; *g=k; 

*b=m 

break; 

case 1: *r=n; *g=l; 

*b=m 

break; 

case 2: *r=m; *g=l; 

*b=k 

break; 

case 3: *r=m; *g=n; 

*b=l 

break; 

case 4: *r=k; *g=m; 

*b=l 

break; 

case 5: *r=l; *g=m; 
default: 

*b=n 

break; 


fprintf( stderr,"hsv2rgb: bad i: %f Hi", 
h. i ); 

exit( 1 ); 
break; 

} 

f = *r; 

f - ( f < *g ) ? *g : f; 

f - ( f < *b ) ? *b : f; 

f = v / f; 

*r *- f; 

*9 *- f; 

*b *- f; 

} 

/* End of File */ 


A: Using Yield() will not allow the 
user to minimze or close your applica¬ 
tion. If your application is running maxi¬ 
mized, Yield() will allow other applica¬ 
tions to continue running in the back¬ 
ground, but not allow any user interac¬ 
tion. 

One solution is to create a function 
such as MyYieldf), as shown in Listing 
1. This is very similar to an application's 
main message loop, but with the dif¬ 
ference of using PeekMessage() instead 
of GetMessage(). The sample function 
will loop as long as there are messages 
to be processed, and then return. Your 
main window function should handle 
mjQUIT messages. 

Beating The System 

Q; Is it possible to change the 
palette entries for a VGA running in 16- 
color mode? 

A: If you are using a standard driver, 
you will need to bypass Windows to do 
it. If you ask Microsoft, they will tell you 
to buy the DDK, but there is another 
way. Table 2 shows how the Windows 
system palette maps onto the VGA 16- 
color palette. 

Hence, define the following macros: 

#define syspal (n) (n<7 ? n :\ 

(n>8 ? n+4 : (n=7 ? 12 : 7))) 
Idefine vgapal (n) (n<7 ? n :\ 

(n>12 ? n-4 : (n=7 ? 8 : 7))) 

When you get a WM_SETFOCUS event, 
save the current state of the hardware 
color map and install the one you want. 


When you get a WM_KILLFOCUS event, 
restore the original palette. Do not use 
the pallette registers directly, though, 
just modify the color registers that they 
point to. 

Q: Is it possible to launch a Windows 
Application from a DOS application run¬ 
ning in a window? 

A: Yes, in principle. In practice this is 
very difficult, as the DOS application is 
running in a separate virtual machine; 
the only context it has in common with 
Windows is the underlying DOS. The 
basic principle for working around this 
is to use a TSR that talks to both the 
DOS application and a Windows “wrap¬ 
per” application that will then call Win- 
Exec () to start the new Windows ap¬ 
plication. 


First, create a TSR that gets loaded 
before Windows and whose services 
will be available to both DOS applica¬ 
tions and Windows applications. When 
you start Windows, your wrapper pro¬ 
gram can call the TSR with an INF 2F, 
giving it the address of some memory 
allocated by GlobalDOSAlloc() that 
you will use to pass information back 
and forth between the TSR and 
protected-mode Windows. While 
processing this INT 2F, you issue one 
of your own, with AX equal to 1683h. 
That will return in BX the magic number 
of the Windows Virtual Machine, which 
is currently 01 h but may change. 

The DOS application issues an INT 
2F, passing the name of the desired ap¬ 
plication to the TSR. The TSR copies the 
information into a private data buffer in 
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the TSR’s address space, not to the 
memory allocated by Global- 
DOSAl loc() (which only exists in the 
Windows virtual machine). 

Now for the hard part You need to 
call back to Windows when the Win¬ 
dows VM is scheduled. To do that, use 
INT 2F, with AX equal to 1685h, BX 
equal to the Windows VM number that 
you saved from the initialization step, 
CX equal to the flags, DS:SI equal to 
the priority boost and ES:DI equal to 
CS:IP of a procedure to call. When the 
Windows VM is scheduled, your proce¬ 
dure will be called. That procedure can 
copy the name of the application into 
the memory allocated by 

GlobalDOSAlloc(), issue an INT 2F to 
the windows wrapper program, and 


IRET. The windows wrapper program 
can use the data in the memory allo¬ 
cated by GlobalDOSAlloc() to Uin- 
Exec() the desired program. 

You can find further information 
about the INT 2F functions in Appendix 
D of the Virtual Device Adaptation 
Guide, which is a part of the DDK. 

Q: How do I force Windows to res¬ 
tart (as the Windows Setup program 
does)? 

A: It's simple, but undocumented. 
Just make the function call 

ExitWindows( 0x42L, 0 ) 

and windows will do the rest for you. 
Naturally undocumented features are 


not guaranteed to work in any future 
Windows versions. 

Q: Is there any convenient way to 
use HSL (Hue, Saturation, Luminosity) 
color values in Windows, instead of the 
usual RGB (Red, Green, Blue)? 

A: Yes, it’s possible, but there is no 
single conversion formula. The proce¬ 
dure in Listing 2, however, will convert 
an HSV value into an RGB equivalent. 
The reverse process is left as an exer¬ 
cise for the readerl 

For More Information 

First of all, if you do not have the 
SDK, you will probably want to pur¬ 
chase the SDK documentation, which is 
available separately either from 
Microsoft Press or from your local 
bookstore. The relevant volumes are: 
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TUB ™ is FASTEST! 


0:41 


0:19 


RCS™ 4.2 PVCS'" TUB'" 3.0 


0:09 

TUB'" 5.0 


Times are to update a 45K library on a PC/XT. PVCS and TUB 3.0 are 
from Sept 87 PC Tech Journal. MKS RCS 4.2 and TLIB 5.0 are newer. 


TLIB™ is BEST! 

“Do no! be fooled by the fact that this is the 
least expensive of the five packages reviewed 
here - TLIB has features and power to spare" 
John Rex, Computer Language 
“TLIB is a great system" J. Vallino, PC Tech J 

• Full-Featured Version Control for Software 
Professionals. Check-in/out locking. Branching. 
Keywords. Wildcard and list-of-file support. Can 
merge parallel changes and undo intermediate 
revisions. Network and WORM support. Main¬ 
frame compatible deltas for Pansophic, ADR, IBM, 
etc.. Integrates with Opus " MAKE & Slick " MAKE. 

MS-DOS $139, OS/2 $195 + shipping visa/MC 
5 station LAN license $419 (OS/2 $595), call for other sizes 

BURTON SYSTEMS SOFTWARE 

PO Box 4156, Cary, NC 27519 (919)233-8128 
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IHTEL® 80486 
MACRO DISASSEWLER 

MD86 (Masterful Disassembler) is the 
most comprehensive macro disassembler 
on the market. Interactive by design not 
after-thought. Features include: 

► User defined macros with arguments 

► Auto code/data separation 

► Auto commenting and label naming 

► Command menus and help screens 

► Customizable disassembly options 

► Comprehensive, indexed, manuals 

► Fully supports 8086/87 thru 80486/87 

► COM/EXE/SYS/mcmory/other^ 

► Cross reference and more! 

Still only $67.50 +tax ($1.50 s/h) 

C.C. SOFTWARE 
1907 ALVARADO AVE. 

WALNUT CREEK, CA 94596 
(510)939-8153 



Transputer Education Kit 

for students, professionals, and hobbyists 

$396 

• PC add-in board including 20-MHz 32-bit T400 

transputer, PC interface, and 1 Mbyte memory 

• T400 C compiler and assembler 

• T400 0ccam2 compiler and debugger 

• 1500 pages of documentation, including schematics 

• Example and demonstration programs 



CSA also carries a complete line of professional 
transputer products including boards, software develop¬ 
ment tools, and multi-user parallel processing systems 

Computer System Architects 

950 N. University Avenue • Provo, UT 84604 
(801) 374-2300 • 1-800-753-4CSA 
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A " 

Z^ARCTOS 

SYSTEMS CORPORATION 

X-Port Parallel Adapter 

Expand mass store capabilities 

Attach CD-ROM and SCSI based 
peripherals to a single parallel port 

Comes with drivers for DOS, MSDEX 

Low power, compact size 

For notebooks, laptops, desktops 

$226 + shipping & handling 

PO, Cheque, VISA 

300 March Rd., 4th Floor, 

Kanata, Ontario, Canada, K2K 2E2 
(613) 691-3084 (613) 691-1806 (fax) 
Dealer & OEM enquiries welcomed 


□ Request 101 on Reader Service Card □ 



□ Request 127 on Reader Service Card □ 

October 1991 































TECH 

Marketplace" 


IMPACT VI .0 
Image Processing 

* Image Enhancement 

* Image Restoration 

* 2-D Data Analysis 

* Object Segmentation 

* Pattern Recognition 

IMPACT V1.0 is a completely integrated image processing 
system containing over 12 Mbytes of programs (>120 funcs) 
designed to run on any basic PC/AT without special 
hardware . It contains all basic math + Boolean functions, 2-D 
FFTs, (de)convolution, bandpass filtering, edge 
enhancements, editable filter masks, RGB color mapping, 
Riemann mapping, 3-D stereoscopic projections, non-linear 
contrast stretching, thresholding and re-normalization, 
contour and area integrals, ROI statistics, pixel-line plots, 
etc, etc. 

$225 

(FREE upgrade to V2.0) 

$4.50 S&H, NM add 5.875% 

TARDIS Systems Inc. 

945 San Ildefonso, Suite 15 
Los Alamos, NM 87544 

Voice + FAX: (505) 662-9401 
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Disk duplication 
All formats 

EVERLOCK copy protection 
Label/sleeve printing 
Full packaging services 
Warehousing 
Drop shipping 
Fulfillment 
48-hour delivery 
Consultation & guidance 




Star-Byte, Inc. 

2880 Bergey Rd Hatfield, PA 19440 


800-243-1515 
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FLOATING POINT 
ARRAY PROCESSOR 

* Operates on Arrays & Matrices; 
Integer, Real, & Complex Structures. 

* Process math-intensive algorithms 
100 times faster than the 80387. 

* 598 mathematic & scientific functions 
on-board in EPROM, callable from C. 

* Private high speed STATIC memory 
(0.25 to 4.25 megabytes) on board. 

* 3 niegabytes/sec to/from ISA host. 

* Direct hardware link to video & A/Ds. 

* 1000 page reference manual. 

* $2495.00 complete with software. 

■k Call for function list and benchmarks. 

Eighteen Eight Laboratories 

1-800-888-1119 FAX 702-294-2611 
1247 Tamarisk Lane 
Boulder City, NV 89005 

□ Request 150 on Reader Service Card □ 


Instant 

Microcontroller 



Instant C Programming 

Don't use a microprocessor, usea SmartBlock' M 
microcontroller module to build your custom 
controller. Our low cost Dynamic C™ makes 
programming a snap. 3.5 x 2.5 inch module 
includes microprocessor, memory, time/date 
clock, eeprom, watchdog, serial ports and more. 
As low as $59 in quantity. The efficiency of a 
custom design without the headaches. 

Z-World Engineering 

1340 Covell Blvd., Davis, CA 95616 USA 

Tel: (916) 753-3722 

Regular Fax: (916) 753-5141 
Automatic Fax: (916)-753-0618 

(Call from your fax, hear computer voice, use 
touchtone dial to request desired data sheets.) 

□ Request 279 on Reader Service Card □ 


32-bit Protected Mode 
386 C Graphics Library 

Intel 386/486 C Code Builder 
MetaWare, MicroWay, SVS, 
Watcom & Zortech with 
Phar Lap 3861 ASM 

Mixed Raster/Vector, 
Scalable, Rotatable Font, 
VGA, SVGA, 8514/A, VESA, 
Hercules Graphics Station 
through 1024x768x256 (8-bit), 
640x480x32k (16-bit), 
512x480x16.7m (32-bit), 
WYSIWYG HP-GL/PostScript 
$200 NO ROYALTIES 
FULL SOURCE CODE 
Gary R. Olhoeft 
P.O. Box 10870 Edgemont 
Golden, CO 80401-0620 
303-877-3697 CIS 76665,2021 

□ Request 294 on Reader Service Card □ 


DEVELOPERS! 

AEqEAOnEPS! 

GOING INTERNATIONAL? 

Our string extemalization utilities and C 
functions can help you get your package ready 
for the international market. 

These proven utilities extract literal strings 
from your C source code, ready for editing, 
translation or encryption, without impacting 
your original executable. While saving scarce 
initialized data space, these functions allow 
your easily re-denned prompts to behave as if 
they were compiled directly into your program. 
This permits the original executable to "speak" 
the language of your choice, even Japanese! 

Includes all object/source code and libraries 
for popular C compilers. Price $149.95 for ob¬ 
ject, $249.95 for source code site license. No 
royalties. DOS, Unix, Mac, etc. VA residents 
add sales tax. 

Network Dynamics, Inc. 

2225 S. Henry Street, Suite L-2 
Williamsburg, V A 23185 
Phone (804) 220-8771 Fax (804) 220-5741 

□ Request 149 on Reader Service Card □ 
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ONE STOP 
SOFTWARE 
DUPLICATION 


❖ Disk & Tape Duplication 

❖ Documentation Printing 

❖ Package Assembly 

❖ Distributive Shipping 

❖ Bulk Disk & Tape Sales 

❖ Optical Media Duplication 

(800) 222-0490 
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DUPLICATION 

EQUIPMENT 


❖ Unattended Volume Duplication 
PC Based & Standalone Units 

❖ Up to 180 disks/hour! 

❖ Easy Installation 

❖ Expandable & Field Upgradeable 
♦♦♦ Maintenance Contracts 

♦♦♦ CD ROM Development Systems 


(800) 222-0490 
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• Microsoft Windows Programmers Ref¬ 
erence. Microsoft Press, 1990. 

• Microsoft Windows Programming 
Tools. Microsoft Press, 1990. 

• Microsoft Windows Guide to Program¬ 
ming. Microsoft Press, 1990. 

• SAA CUA Advanced Interface Design 
Guide. IBM, 1989. 

Beyond these, you definitely should 
get at least the “bible” of Windows 
programming, Charles Petzold’s 
Programming Windows. Some of the 
choices are: 

• Murray, william and Chris Pappas. 
Windows Programming: An introduc¬ 
tion. Osborne McGraw-Hill, 1990. ISBN 
0-07881-536-3. 


• Petzold, Charles. Programming Win¬ 
dows. 2nd edition. Microsoft Press, 

1990. ISBN 1-55615-264-7. 

• Richter, Jeffrey. Windows 3: A 
Developer's Guide. M&T Books, 1991. 
ISBN 1-55851-164-4. 

•Tello, Ernest. Object-Oriented 
Programming for Windows. Wiley, 

1991. ISBN 0-47152-957-5. 

• Wilton, Richard. Microsoft Windows 
Developer's Workshop. Microsoft 
Press, 1991. ISBN 1-55615-244-2. 

• Yao, Paul and Peter Norton. Windows 
3.0 Power Programming Techniques, 
Bantam, 1990. ISBN 0-55334-940-6. 
Also, you should call your local 

Microsoft office and request the Win¬ 


dows 3.0 Developers’ Notes. These 

notes (part number 050-030-313, cost 

US $20) include: 

• Windows Setup Sources, including a 
disk with sample setup program 

• Font (.FNT) File Format 

• Executable File Header Format 

• Windows Write and Windows Calen¬ 
dar File Formats 

• Windows INT 21 and NetBIOS Support 
for DPMI 

• Developing Network Applications for 
Windows 3.0 

• Developing International Applications 
for Windows 3.0 □ 
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CopyControl 
COPY PROTECTION 


Control your profits with the copy protection designed 
with strength, user-transparency and compatibility. 

• Beats ALL the bit-copiers & Dis-assemblers 

• No hardware plugs or special disks required 

• Encrypts your program & adds anti-debug code 

• Allows you to produce full function demos 

• Compatible with LAN, backups & disk utilities. 

• Supports all Floppy & Hard disk formats 

• Allows you to change parameters remotely. 


Control when, where, and how your software is ran. 
Compatible with all IBM/DOS Computers. 

$595 Unlimited Version, 30 day Money back guarantee 
Also available by Meter Count Qjgj 


Free Demo & Info • COD • PO 


Tlicrocosm Inc. 


Drawer 0, Wellington, MO 64097 


(800) 237-8400 ext. 212 
(816) 934-8384 / Fax (816) 934-2617 
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THE CD-ROM 
DEVELOPER'S LAB 


Comprehensive CD-ROM multimedia 
production resource for PC and Apple 
developers. Proven design, management, 
data prep programming, premastering 
and manufacturing techniques. Important 
specs from leading companies. Demos of 
off-the-self tools for imaging, audio and animation. 

Sample applications demonstrate the power of 
our source tools in C, Turbo Pascal. 

PC or MAC.@ $395.00; 
Transportable version @ $425.00, 
Visa/MC accepted. 

SOFTWARE MART, INC. 

3933 Spicewood Springs Rd., Suite [-100 
Austin, Texas 78759 
(512) 346-7887 FAX: (512) 346-1393 
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The Upper Deck Editor 

A Serious Editor For Windows 3.0 

Edits files larger than 64K, real 
UNDO (300 levels), regular expres¬ 
sions, search across multiple files, 
split-screen file comparison, com¬ 
piler support, keyboard macros, fully 
customizable. 

INTRODUCTORY PRICE $75 

Call for our fully functional 

DEMO DISK! 

(619) 741-1075 

Upper Deck Systems 

P.O. Box 2751, Escondido, CA 92033 
□ Request 350 on Reader Service Card □ 



LBARN *C* WITH BASB Lean C withl 
Audio Cassettes. LEARN WITH EASE allows 
the student to learn a language at their own 
pace. Learn at home or on the way to work. 
Easy to learn. Manual included Beginning or 
Advanced $69.95. C, C++, Basic, Pascal, 
Fortran MASM and TASM availible. 

FASTLIB Assembly Language Libraries. 
Over 300 ready to run Assembly Language 
routines for C, Pascal, Basic or Fortran. 
5129.95 per Library. 

PRINTIT Send cmds to Laser or Dot Matrix 
printer. Make files with multiple cmds $59.95 

As a full service Systems & Software organization, 
we offer Professional Programming and Training at 
■easonable rates. Call for more information. (415) 
t8 9-3388 

Add *4.50 per item S/H (CA + 7%) VISA & M/C 

Orders (800) 284-8489 
LM Systems A Software 
P.O. Box 1606 Union City, CA 94587 
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Speed Up Development With: 
Programmer’s SUPER-MAINT*- T “ 

The ‘Easier 1 Make Utility 


SUPER-MAINT builds your make and 
response files, remembers your command 
flags, the make file name, and more! 
Multiple setups handle many projects at 
one time - even with different compiler 
brands. SUPER-MAINT works for you so 
you can focus where you need to: on your 
programming! Still only $55 (+ 150 sAh. NY 

residents add tales tax). Make File Builder Supports 
Microsoft, Borland, Aztec, Clipper, Mix languages: just 
"point and shoot" at code files you want in your 
program! Free CompuServe Intro Pak With Purchase. 



EmmaSoft 
PO Box 238 
Lansing, NY 14882 

Voice: (607) 533-4685 
BBS: (607) 533-7072 


^ 3 


□ Request 352 on Reader Service Card □ 
October 1991 
































FIX 80386 



SAVES YOUR PC 


The FIX-80386 solves the Errata 21 timing problem 
that is showing up on many PC's. IF your PC locks up 
when running UNIX or AUTOCAD, HP BASIC, MICRO 
CADAM PLUS or memory extenders in MS-DOS you 
will need this part. The part is placed between the 80386 
and its socket. Constructed of gold pins and sockets for 
highest quality. Available immediately. ALSO ASK 
ABOUT OUR UNIQUE SOLUTIONS FOR PROBING 
PGA's, PLCC's and LCC's. 

IRONWOOD ELECTRONICS < 

P.O. BOX 21151, ST. PAUL, MN 55121 1 fl 

(612)431-7025; FAX (612) 432-8616 1 
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CHOICE INSTALL 

The BEST choice to install your 
product. Only one license fee for all 
of your products and all of the 
features you want including auto 
configuration, error handling, more. 

$149 plus shipping, demo disk $5. 
Source code +$100. Requires C 
Compiler (Microsoft, Zortech or Bor¬ 
land). Use it successfully or we’ll 
refund your money with no hassle. 
Order today, use it tomorrow, ship 
your product the day after. 

ChoiceWare 

8802 E. Broadway #211 

Tucson, AZ 85710 

(602)298-0666 

□ Request 347 on Reader Service Card □ 



"Highly recommended" - J. Dvorak, PC Magazine 
"Outstanding... lets you explore the creative 
possibilities of fractals" -- Amstrad PC Magazine 
"Quick and easy to master" - New Scientist 
"Impeccably lucid... operations are fast" - BYTE 

Fractal programming tutorial, 160 -page Guidebook, 
Microsoft C programs, 200+ modifiable templates. 
Supports DXF and .PCX files. CGA to Super-VGA. 

Orders/Info: CALL 802-888-5275 

Cedar Software box 5140-R1, uoms»iiie vr os 6 si 
□ Request 171 on Reader Service Card □ 


WINDOWS & DOS DEVELOPERS ! 
DataLIB Reads & Writes 

SPREADSHEET, DATABASE and ASCII FILES 
Use DataLIB to add advanced data import/export 
features to your Windows and DOS applications. 
DataLIB can read & write Lotus 123 (WKS, WK1, 
WK3), Excel (XLS), dBASE (DBF), DIF, SYLK, Quattro 
(WQK) and ASCII (CSV, TXT, TAB) data files - all with 
the same set of function calls! A single function call 
converts a file to a different data format! Data types 
include string, char, boolean, integer, real, and 
date/time. Formats includes decimal, scientific, 
alignment, currency, percent, comma, and sign. Access 
entire files or individual cells or fields. Support new 
formats with almost no source code change. DataLIB is 
a very simple yet powerful library! DataLIB/Windows is 
a set of Dynamic Link Libraries callable from C, C + +, 
Actor, Realizer, C, Smalltalk, Visual Basic, Word, 
AmiPro, Plus, ToolBook, Turbo Pascal/Windows, and 
most systems that support DLL calls. DataLIB/DOS is 
available for Microsoft C, Borland C+ + and Turbo C . 

NO ROYALTIES ! 

Only $395 gets you everything ! 

To Order Call: 1-800-ASK-4-DATA 

For Information Call: 12151 564-5577 
DatTel Communication Systems, Inc. 

3508 Market Street, Suite 415, Phiadelphia. PA 19104 

□ Request 151 on Reader Service Card □ 


SOFTWARE & HARDWARE 
Development 


‘Software ‘Firmware 
‘Designs ‘Reviews 


TARDIS Systems Consulting Group 


***************************************** 

Why not get the BEST? We represent a group of top- 
notch highly motivated scientists and engineers from one 
of this countries leading national labs. They want to 
market their skills in the private sector. 

***************************************** 

Dr. Christopher A. Ciarcia 
TARDIS Systems Inc. 

945 San lldefonso, Suite 15 
Los Alamos, NM 87544 
Voice + FAX: (505) 662-9401 
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SCdlabie FOntS 

Integrate the FastFont ™ Typeface 
Manager object library into your 
application to add fast, on-the-fly 
printer and display fonts. Includes 
the three most popular hinted font 
families. 300+ fonts available. 
Only $495 with NO ROYALTIES. 



ATECH 


Ancier 

Technologies 

5964 La Place Ct. #125 
Carlsbad, CA 92008 
Ph: 619/438-5004 xl32 
Fax: 619/438-6898 
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NETWORK 

CONTROL 

LIBRARIES 

NETBIOS ROUTINES allows ac¬ 
cess to low-level network func¬ 
tions. Name, session, and 
datagram routines. Wait and no¬ 
wait options. $99 

NETWORK MASTER provides 
access to Netware internal func¬ 
tions. Complete network control 
from your compiled programs! $99 

Starlight Software 

P.O. Box 1090 
Wheeling, IL 60090 
(708) 394-0622 


□ Request 170 on Reader Service Card □ 
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PROGRAMMING 
WITHOUT LANGUAGE 


DIRECT CODING 


Software made CCISy. 

Professionals, Scientists, 
Engineers, Technicians. 

M-Code $149.00 
A tool to write software for the 
8088 family, 8051 family 
and other processors 
Call or send for data sheet 

Box 4601 Carmel CA 93921 
UWSystems (408) 625 9016 
□ Request 178 on Reader Service Card □ 


SDLC OR X.25 SUPPORT 
ON THE PC 

Use Sangoma SDLA card to provide 
cost effective, stable and easy to use 
SDLA or X.25 links from PCs running 
MS-DOS, UNIX, C-DOS etc. 

All real time communication functions 
performed by intelligent coprocessor 
card and microcode without interrupt¬ 
ing the PC. 

• Four independent addresses in SDLC 
mode. 

• Up to 250 Logical Channels in X.25 
mode. 

• Full function SNA emulation pack¬ 
ages also available. 

SailgOmaTechnologies Inc. 

■a (416) 474-1990 


□ Request 118 on Reader Service Card □ 
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UNIQUE —your insider’s guide 
to the UNIX industry 


Every month Unique brings you: 

□ industry news and gossip 

□ market analyses 

□ unbiased, in-depth system and 
software reviews 

□ information on new startups and 
products 

Call (913) 841-1631 for your subscription. 
You’ll pay only $79 for a full year of the 
most complete insider news in 
UNIX and Xenix. 

R&D Publications, Inc. 

2601 Iowa St. 

Lawrence, KS 66046 
(913) 841-1631 
FAX: (913) 841-2624 


Is your product 
special? 

Is it so special only a 
programmer can 
understand it? 

Then advertise in 


the journal for programming specialists. 

Call (913)841-1631 today 

to reserve space 
for your ad. 

Ask for Jeff (Western Region), 
Donna (Midwestern Region), 
or Ed (Eastern Region) 


TECH. » 
specialist 
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2601 Iowa St. 
Lawrence, KS 66046 
(913) 841 -1631 FAX: (913) 841 -2624 


FREE 

Product 

Information 

Use this postage paid 
card to stay up to date 
on products 
that affect 
your productivity. 

Just fill out the card at 
the right and 
drop it in the mail. 



TECH. .. 
specialist 


Please help us serve you by 
answering the following: 

1) I program: 

□ for a living 

□ as a hobby 

□ as a manager 

2) I program in: 

□ MS-DOS 

□ Macintosh 

□ Xenix/UNIX 


REQUEST READER SERVICE NUMBERS: 



3) I program most frequently in: COMPANY 

□ Assembly □ BASIC ______ 

□ Pascal □ C ADDRESS 

□ Other _ 

□ Please send me subscription CITY/STATE/ZIP 

information. 


2.10 


NO POSTAGE 
NECESSARY 
IF MAILED 
IN THE 

UNITED STATES 


BUSINESS REPLY MAIL 

FIRST CLASS MAIL PERMIT NO. 682 LAWRENCE, KS 

Postage will be paid by addressee 
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2601 Iowa St. 

Lawrence, KS 66046-9950 
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BUSINESS REPLY MAIL 

FIRST CLASS MAIL PERMIT NO. 682 LAWRENCE. KS 
Postage will be paid by addressee 


specialist 


2601 Iowa St. 

Lawrence, KS 66046-9950 


NO POSTAGE 
NECESSARY 
IF MAILED 
IN THE 

UNITED STATES 


FREE 

Product 

Information 


Use this postage paid 
card to stay up to date 
on products 
that affect 
your productivity. 


Just fill out the card at 
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COMPUTER 


LANGUAGE 

EEZED 


BAT 


FIRST IMPRESSIONS LAST. 

MSTALL 3.0 GIVES YOUR SOFTWARE PRODUCT 
A PROFESSIONAL INTRODUCTION. 


Installation procedures that rely on 
batch files and DOS commands not 
only look amateurish but also have 
limited error handling capabilities. 
Today's users expect quality and ease 
of use from software — beginning the 
moment they open the package. A 
smooth, professional installation 
makes an important first impression. 

EVERYTHING YOU NEED 

INSTALL 3.0 is customized for your 
product with an ASCII text file called 
a "script file." INSTALL 3.0 comes 
with many sample script files that you 
can modify and use immediately. No 
programming is necessary to create 
most installations. However, C source 
code is included for your convenience 
and technical support is free. 

FAST AND SIMPLE 

Use INSTALL 3.0 to create an elegant 
installation procedure that will 
increase users' confidence in your 
product. INSTALL 3.0 takes advan¬ 
tage of available RAM for lightning- 
fast file transfers. All your documen¬ 
tation has to tell users is TYPE 
"A: INSTALL". 


INSTALL PRO 

• Builds distribution disk sets 
automatically 

• Creates a configuration file, 
containing all parameters for 
each disk set 

• Automatically builds INSTALL 
script files 

• Automatically formats disks 
(360K, 720K, 1.2M, 1.44M) 

• Uses a full screen, point-and- 
shoot interface for fast, efficient 
file tagging 

• Automatically splits large files 
across multiple diskettes 

• Literally cuts distribution disk 
building time from days to 
minutes for complex products 


KNOWLEDGE DYNAMICS 

Corporation 

Highway Contract 4, Box 185-H 
Canyon Lake, Texas (USA) 
78133-3508 

□ Request 103 on Reader Service Card □ 


PROVEN RELIABILITY 

INSTALL 3.0 has been used for over 
four years by some of the biggest (and 
smallest!) names in the industry, in 
the U.S. and abroad, to install millions 
of copies of their programs. Add your 
name to the list today. 

30 DAY MONEY-BACK 
GUARANTEE 

Free technical support. No royalties. 

MasterCard/VISA/COD/POs 

welcome. 

$399.95 INSTALL PRO 
$249.95 INSTALL 3.0 
$99.95 International Option 
$99.95 OS/2 Option 

SALES 

1/800-331-2783 ext. #0194 

International 
1/512-964-3994 
24 hour FAX 1 /512-964-3958 
24 hour BBS 1/512-964-3929 

CALL OR FAX BY NOON 
AND RECEIVE INSTALL 3.0 
TOMORROW! 











9:10. If you can imagine it, you can prototype it Iasi 
With 1bolBookb drawing tools. 





9:35. Create, size and move fields to get exactly what 
you want without a line of code. 


9:45. Buttons and hotwords establish links to other 
pages and documents. Even to other applications 
through DDE. 


10:15. OpenScript is a full-featured OOP language 
with built-in syntax checker and debugger. 


10:58. Finished. An elegant solution quickly and 
easily. Next? 


Something for people 
who watch the clock. 


Software scheduling used to happen on a calendar. 

Now you can do it on a watch. 

Introducing ToolBook” 1.5. The software construction set that lets 
developers build Windows” programs faster than you can say C++. 

ToolBook’s graphical programming features enable you to quickly 
create prototypes. Instead of writing pages of complex code to create a 
screen, just draw the screen. Instead of time-consuming.exercises to 
change the screen, you simply click and drag. Instead of weekends at the 
office, spend them at home reading your favorite computer magazines. 

ToolBook includes OpenScript! An OOP language that has the 
muscle and agility you’re looking for in a serious development tool. Plus 
a built-in syntax checker and debugger to find and fix problems faster. 

Is there a limit to how complex you can get with something that 
works this easily? Yes. We’re just not sure what it is. Because if you can 
think of it, you can use ToolBook to create it. 

In fact, you can make it come alive.ToolBook’s Script Recorder 
creates animation sequences with a simple point and click. 

ToolBook offers other sophisticated graphical capabilities, too. You 
can take advantage of a whole range of colors, a clip-art library and 



graphics from other Windows applications. Even import 256-color 
bitmap images up to 1 megabyte in size. 

You can link ideas any way you want, too.ToolBook’s hypemavigation 
features let you make the connections. Once they’re made, you can go 
deeper and deeper into large volumes of information. Just by clicking 
a hotword or a button. 

You can extend OpenScript with Dynamic Link Libraries, which 
are created in other programming languages. So ToolBook is ideal for 
putting a graphical interface on your mission-critical applications. 

ToolBook also supports Dynamic Data Exchange, which allows you 
to build solutions by integrating multiple Windows applications. 

And just to get you up and running quicker,ToolBook comes with 
a suite of sample applications with all scripts intact. Incorporate 
them. Or take them apart. But you don’t have to start from scratch. 

If you’re interested in learning more, call 1 (800)624-8999, Ext.299R 
and ask for a brochure and the name of your authorized dealer. For 
international inquiries, send a fax to (206) 454-0672 requesting inter¬ 
national information. 

Then prepare for a time change. 


TOOLBOOK 

Software Construction Set For Windows 

110-llOth Ave„ N.E., Suite 717, Bellevue. WA 98004 


Asymetrix, ToolBook and OpenScript are registered trademarks of Asymetrix Corporation. Windows is a trademark of Microsoft Corporation. Where indicated, 
product and company names are trademarks/registered trademarks of their respective holders. 
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